ndpiReader: add breed stats on output used for CI

ntop · Jan 4, 2024 · 3da8d80 · 3da8d80
1 parent 3d09b25
commit 3da8d80
Show file tree

Hide file tree

Showing 488 changed files with 1,161 additions and 5 deletions.
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
@@ -3646,7 +3646,9 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
   u_int32_t avg_pkt_size = 0;
   int thread_id;
   char buf[32];
-  long long unsigned int breed_stats[NUM_BREEDS] = { 0 };
+  long long unsigned int breed_stats_pkts[NUM_BREEDS] = { 0 };
+  long long unsigned int breed_stats_bytes[NUM_BREEDS] = { 0 };
+  long long unsigned int breed_stats_flows[NUM_BREEDS] = { 0 };
 
   memset(&cumulative_stats, 0, sizeof(cumulative_stats));
 
@@ -4024,7 +4026,9 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
     ndpi_protocol_breed_t breed = ndpi_get_proto_breed(ndpi_thread_info[0].workflow->ndpi_struct, i);
 
     if(cumulative_stats.protocol_counter[i] > 0) {
-      breed_stats[breed] += (long long unsigned int)cumulative_stats.protocol_counter_bytes[i];
+      breed_stats_bytes[breed] += (long long unsigned int)cumulative_stats.protocol_counter_bytes[i];
+      breed_stats_pkts[breed] += (long long unsigned int)cumulative_stats.protocol_counter[i];
+      breed_stats_flows[breed] += (long long unsigned int)cumulative_stats.protocol_flows[i];
 
       if(results_file)
 	fprintf(results_file, "%s\t%llu\t%llu\t%u\n",
@@ -4049,10 +4053,21 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
     printf("\n\nProtocol statistics:\n");
 
     for(i=0; i < NUM_BREEDS; i++) {
-      if(breed_stats[i] > 0) {
-	printf("\t%-20s %13llu bytes\n",
+      if(breed_stats_pkts[i] > 0) {
+	printf("\t%-20s packets: %-13llu bytes: %-13llu "
+	       "flows: %-13llu\n",
 	       ndpi_get_proto_breed_name(ndpi_thread_info[0].workflow->ndpi_struct, i),
-	       breed_stats[i]);
+	       breed_stats_pkts[i], breed_stats_bytes[i], breed_stats_flows[i]);
+      }
+    }
+  }
+  if(results_file) {
+    fprintf(results_file, "\n");
+    for(i=0; i < NUM_BREEDS; i++) {
+      if(breed_stats_pkts[i] > 0) {
+	fprintf(results_file, "%-20s %13llu %-13llu %-13llu\n",
+	        ndpi_get_proto_breed_name(ndpi_thread_info[0].workflow->ndpi_struct, i),
+	        breed_stats_pkts[i], breed_stats_bytes[i], breed_stats_flows[i]);
       }
     }
   }

diff --git a/tests/cfgs/caches_cfg/result/ookla.pcap.out b/tests/cfgs/caches_cfg/result/ookla.pcap.out
@@ -28,6 +28,9 @@ TLS	29	23166	1
 HTTP_Proxy	10	2375	1
 Ookla	74	12870	4
 
+Safe                           103 36036         5            
+Acceptable                      10 2375          1            
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 192.168.1.128            	 2      

diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out
@@ -43,6 +43,11 @@ Microsoft365	136	52120	6
 Teams	595	215358	26
 Azure	2	294	1
 
+Safe                          1168 564758        49           
+Acceptable                     325 111699        32           
+Fun                              1 82            1            
+Unrated                          4 456           1            
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 192.168.1.6              	 6      

diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out
@@ -44,6 +44,12 @@ MpegDash	1	299	1
 1kxun	914	1969311	48
 Line	30	19034	3
 
+Safe                           124 28754         9            
+Acceptable                     622 514902        119          
+Fun                            948 1976493       53           
+Dangerous                        5 1197          2            
+Unrated                         24 6428          14           
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 192.168.5.16             	 2      

diff --git a/tests/cfgs/default/result/443-chrome.pcap.out b/tests/cfgs/default/result/443-chrome.pcap.out
@@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 TLS	1	1506	1
 
+Safe                             1 1506          1            
+
 	1	TCP 178.62.197.130:443 -> 192.168.1.13:53059 [proto: 91/TLS][IP: 26/ntop][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
diff --git a/tests/cfgs/default/result/443-curl.pcap.out b/tests/cfgs/default/result/443-curl.pcap.out
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 ntop	109	73982	1
 
+Safe                           109 73982         1            
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 192.168.1.13             	 1      

diff --git a/tests/cfgs/default/result/443-firefox.pcap.out b/tests/cfgs/default/result/443-firefox.pcap.out
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 ntop	667	458067	1
 
+Safe                           667 458067        1            
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 192.168.1.13             	 1      

diff --git a/tests/cfgs/default/result/443-git.pcap.out b/tests/cfgs/default/result/443-git.pcap.out
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 Github	70	37189	1
 
+Acceptable                      70 37189         1            
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 192.168.1.13             	 1      

diff --git a/tests/cfgs/default/result/443-opvn.pcap.out b/tests/cfgs/default/result/443-opvn.pcap.out
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 OpenVPN	46	11573	1
 
+Acceptable                      46 11573         1            
+
 	1	TCP 192.168.1.84:52973 <-> 192.12.192.103:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VPN/2][25 pkts/5636 bytes <-> 21 pkts/5937 bytes][Goodput ratio: 70/77][8.96 sec][bytes ratio: -0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 443/427 3959/4015 926/1024][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 225/283 1506/1506 330/399][PLAIN TEXT (Registro.it)][Plen Bins: 4,41,4,8,0,0,0,0,0,4,4,0,0,0,4,0,0,4,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,8,0,0]
diff --git a/tests/cfgs/default/result/443-safari.pcap.out b/tests/cfgs/default/result/443-safari.pcap.out
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 ntop	41	19929	1
 
+Safe                            41 19929         1            
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 192.168.1.13             	 1      

diff --git a/tests/cfgs/default/result/4in4tunnel.pcap.out b/tests/cfgs/default/result/4in4tunnel.pcap.out
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 Unknown	5	850	1
 
+Unrated                          5 850           1            
+
 
 
 Undetected flows:

diff --git a/tests/cfgs/default/result/4in6tunnel.pcap.out b/tests/cfgs/default/result/4in6tunnel.pcap.out
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 Microsoft	4	2188	1
 
+Safe                             4 2188          1            
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 192.168.0.1              	 1      

diff --git a/tests/cfgs/default/result/6in4tunnel.pcap.out b/tests/cfgs/default/result/6in4tunnel.pcap.out
@@ -29,6 +29,10 @@ TLS	28	15397	1
 ICMPV6	48	7862	3
 Facebook	37	14726	3
 
+Safe                            32 15913         3            
+Acceptable                      58 9654          4            
+Fun                             37 14726         3            
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 2001:470:1f17:13f:3e97:eff:fe73:4dec 	 2      

diff --git a/tests/cfgs/default/result/6in6tunnel.pcap.out b/tests/cfgs/default/result/6in6tunnel.pcap.out
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found)
 
 Unknown	2	212	1
 
+Unrated                          2 212           1            
+
 
 
 Undetected flows:

diff --git a/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out b/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 BGP	14	969	1
 
+Acceptable                      14 969           1            
+
 	1	TCP 100.16.1.2:18324 <-> 100.16.1.1:179 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][7 pkts/388 bytes <-> 7 pkts/581 bytes][Goodput ratio: 20/46][50.10 sec][bytes ratio: -0.199 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10014/9944 50028/49681 20007/19868][Pkt Len c2s/s2c min/avg/max/stddev: 44/44 55/83 101/195 20/49][Plen Bins: 57,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/BGP_redist.pcap.out b/tests/cfgs/default/result/BGP_redist.pcap.out
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 BGP	2	322	2
 
+Acceptable                       2 322           2            
+
 	1	TCP 2.2.2.2:179 -> 4.4.4.4:63535 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	TCP 2.2.2.2:179 -> 5.5.5.5:49433 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/159 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/EAQ.pcap.out b/tests/cfgs/default/result/EAQ.pcap.out
@@ -25,6 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found)
 Google	23	11743	2
 EAQ	174	10092	29
 
+Acceptable                     197 21835         31           
+
 	1	TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Goodput ratio: 23/97][0.51 sec][Hostname/SNI: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 76/114 400/349 146/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/1666 193/2818 45/1240][URL: www.google.com.br/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg][StatusCode: 200][Content-Type: text/html][Server: gws][User-Agent: test][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Suspicious Log4J][PLAIN TEXT (we50oDAAg HTTP/1.1)][Plen Bins: 0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,60]
 	2	TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Goodput ratio: 26/72][0.20 sec][Hostname/SNI: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 51/50 139/89 54/40][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78/191 154/602 39/237][URL: www.google.com/][StatusCode: 302][Content-Type: text/html][Server: GFE/2.0][User-Agent: test][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Suspicious Log4J][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	3	UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][86.62 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 21509/21499 21642/21642 21860/21869 132/138][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

diff --git a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -25,6 +25,8 @@ RTP	1330	182702	1
 SIP	92	52851	3
 Megaco	130	23570	1
 
+Acceptable                    1552 259123        5            
+
 	1	UDP 10.35.60.100:15580 <-> 10.23.1.52:16756 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][159 pkts/33872 bytes <-> 1171 pkts/148830 bytes][Goodput ratio: 80/66][37.44 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/30 81/286 7/49][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 213/127 214/214 12/32][PLAIN TEXT (UUUUUU)][Plen Bins: 0,0,50,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	UDP 10.35.40.25:5060 <-> 10.35.40.200:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/13254 bytes <-> 24 pkts/13218 bytes][Goodput ratio: 93/92][83.79 sec][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3385/1643 27628/17187 8177/4202][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	3	UDP 10.35.40.22:2944 <-> 10.23.1.42:2944 [proto: 181/Megaco][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][65 pkts/7788 bytes <-> 65 pkts/15782 bytes][Goodput ratio: 65/83][109.25 sec][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1409/1356 4370/4370 1953/1909][Pkt Len c2s/s2c min/avg/max/stddev: 77/101 120/243 583/561 107/94][PLAIN TEXT (555282713)][Plen Bins: 0,48,0,23,0,1,1,21,0,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

diff --git a/tests/cfgs/default/result/IEC104.pcap.out b/tests/cfgs/default/result/IEC104.pcap.out
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 IEC60870	15	1431	2
 
+Acceptable                      15 1431          2            
+
 	1	TCP 10.175.211.1:2404 <-> 10.119.105.26:54768 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: IoT-Scada/31][7 pkts/987 bytes <-> 5 pkts/270 bytes][Goodput ratio: 61/0][2.00 sec][bytes ratio: 0.570 (Upload)][IAT c2s/s2c min/avg/max/stddev: 36/199 360/521 935/935 313/307][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 141/54 306/54 90/0][Plen Bins: 51,0,0,16,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	TCP 10.175.211.3:2404 <-> 10.119.105.26:54769 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: IoT-Scada/31][2 pkts/120 bytes <-> 1 pkts/54 bytes][Goodput ratio: 5/0][0.22 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out
@@ -34,6 +34,10 @@ Facebook	211	51558	11
 HTTP_Proxy	26	3926	1
 KakaoTalk	55	9990	15
 
+Safe                            37 5258          7            
+Acceptable                      99 15120         20           
+Fun                            211 51558         11           
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 10.24.82.188             	 3      

diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
@@ -36,6 +36,10 @@ KakaoTalk	85	20646	2
 KakaoTalk_Voice	44	6196	2
 AmazonAWS	4	396	1
 
+Safe                            41 5761          8            
+Acceptable                    3145 428107        10           
+Fun                             17 1924          2            
+
 JA3 Host Stats: 
 		 IP Address                  	 # JA3C     
 	1	 10.24.82.188             	 2      

diff --git a/tests/cfgs/default/result/NTPv2.pcap.out b/tests/cfgs/default/result/NTPv2.pcap.out
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 NTP	1	410	1
 
+Acceptable                       1 410           1            
+
 	1	UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/410 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/NTPv3.pcap.out b/tests/cfgs/default/result/NTPv3.pcap.out
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 NTP	1	90	1
 
+Acceptable                       1 90            1            
+
 	1	UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/NTPv4.pcap.out b/tests/cfgs/default/result/NTPv4.pcap.out
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 NTP	1	90	1
 
+Acceptable                       1 90            1            
+
 	1	UDP 85.22.62.120:123 -> 78.46.76.11:123 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/Oscar.pcap.out b/tests/cfgs/default/result/Oscar.pcap.out
@@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 TLS	71	9386	1
 
+Safe                            71 9386          1            
+
 	1	TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 21][cat: Web/5][38 pkts/3580 bytes <-> 33 pkts/5806 bytes][Goodput ratio: 42/68][72.45 sec][bytes ratio: -0.237 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2392/2607 58175/58215 10382/11142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/176 369/1414 75/257][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 7,58,5,5,0,0,5,2,2,7,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/TivoDVR.pcap.out b/tests/cfgs/default/result/TivoDVR.pcap.out
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 TiVoConnect	2	422	1
 
+Fun                              2 422           1            
+
 	1	UDP 98.245.242.69:2190 -> 255.255.255.255:2190 [proto: 308/TiVoConnect][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/422 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][0.00 sec][UUID: 4d696e69-444c-164e-9d41-1459c099c04][Machine: R7000P][Platform: pc/minidlna][Services: TiVoMediaServer:8200/http][PLAIN TEXT (TiVoConnect)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/WebattackRCE.pcap.out b/tests/cfgs/default/result/WebattackRCE.pcap.out
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found)
 
 HTTP	797	191003	797
 
+Acceptable                     797 191003        797          
+
 	1	TCP 127.0.0.1:51184 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/ajax/api/hook/de)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	TCP 127.0.0.1:51182 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7D][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vb/ajax/api/hook/decodeArg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	3	TCP 127.0.0.1:50946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found)

		TLS 1 1506 1

		Safe 1 1506 1

		1 TCP 178.62.197.130:443 -> 192.168.1.13:53059 [proto: 91/TLS][IP: 26/ntop][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: Unidirectional Traffic ][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)

		OpenVPN 46 11573 1

		Acceptable 46 11573 1

		1 TCP 192.168.1.84:52973 <-> 192.12.192.103:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VPN/2][25 pkts/5636 bytes <-> 21 pkts/5937 bytes][Goodput ratio: 70/77][8.96 sec][bytes ratio: -0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 443/427 3959/4015 926/1024][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 225/283 1506/1506 330/399][PLAIN TEXT (Registro.it)][Plen Bins: 4,41,4,8,0,0,0,0,0,4,4,0,0,0,4,0,0,4,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,8,0,0]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found)

		Unknown 5 850 1

		Unrated 5 850 1



		Undetected flows:
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found)

		Unknown 2 212 1

		Unrated 2 212 1



		Undetected flows:
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)

		BGP 14 969 1

		Acceptable 14 969 1

		1 TCP 100.16.1.2:18324 <-> 100.16.1.1:179 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][7 pkts/388 bytes <-> 7 pkts/581 bytes][Goodput ratio: 20/46][50.10 sec][bytes ratio: -0.199 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10014/9944 50028/49681 20007/19868][Pkt Len c2s/s2c min/avg/max/stddev: 44/44 55/83 101/195 20/49][Plen Bins: 57,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)

		NTP 1 410 1

		Acceptable 1 410 1

		1 UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/410 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: Unidirectional Traffic ][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)

		NTP 1 90 1

		Acceptable 1 90 1

		1 UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: Unidirectional Traffic ][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found)

		TLS 71 9386 1

		Safe 71 9386 1

		1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 21][cat: Web/5][38 pkts/3580 bytes <-> 33 pkts/5806 bytes][Goodput ratio: 42/68][72.45 sec][bytes ratio: -0.237 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2392/2607 58175/58215 10382/11142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/176 369/1414 75/257][Risk: Fully encrypted flow ][Risk Score: 50][Plen Bins: 7,58,5,5,0,0,5,2,2,7,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found)

		TiVoConnect 2 422 1

		Fun 2 422 1

		1 UDP 98.245.242.69:2190 -> 255.255.255.255:2190 [proto: 308/TiVoConnect][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/422 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][0.00 sec][UUID: 4d696e69-444c-164e-9d41-1459c099c04][Machine: R7000P][Platform: pc/minidlna][Services: TiVoMediaServer:8200/http][PLAIN TEXT (TiVoConnect)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]