Fixed broken "not-detected" event/packet capture in captured example.

* aligned it with influxd example

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

examples/c-captured/c-captured.c

@@ -63,11 +63,12 @@ struct global_user_data
 
 struct flow_user_data
 {
-    uint8_t detection_finished;
+    uint8_t new_seen : 1;
-    uint8_t guessed;
+    uint8_t detection_finished : 1;
-    uint8_t detected;
+    uint8_t guessed : 1;
-    uint8_t risky;
+    uint8_t detected : 1;
-    uint8_t midstream;
+    uint8_t risky : 1;
+    uint8_t midstream : 1;
     nDPIsrvd_ull flow_datalink;
     nDPIsrvd_ull flow_max_packets;
     nDPIsrvd_ull flow_tot_l4_payload_len;
@@ -523,7 +524,7 @@ static int packet_write_pcap_file(struct global_user_data const * const global_u
             decode_base64(pd, pd_elt_dmp, NULL);
         }
 #ifdef VERBOSE
-        printf("packets dumped to %s\n", pcap_filename);
+        printf("packets dumped to %s\n", filename);
 #endif
         pcap_dump_close(pd);
         pcap_close(p);
@@ -876,6 +877,8 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 
         if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "new") != 0)
         {
+            flow_user->new_seen = 1;
+
             perror_ull(TOKEN_VALUE_TO_ULL(sock, TOKEN_GET_SZ(sock, "flow_datalink"), &flow_user->flow_datalink),
                        "flow_datalink");
             perror_ull(TOKEN_VALUE_TO_ULL(sock, TOKEN_GET_SZ(sock, "flow_max_packets"), &flow_user->flow_max_packets),
@@ -887,14 +890,9 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 
             return CALLBACK_OK;
         }
-        else if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "end") != 0)
+        else if (flow_user->new_seen == 0)
         {
-            struct nDPIsrvd_json_token const * const ndpi_proto = TOKEN_GET_SZ(sock, "ndpi", "proto");
+            return CALLBACK_OK;
-
-            if (ndpi_proto != NULL)
-            {
-                flow_user->detected = 1;
-            }
         }
         else if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "guessed") != 0)
         {
@@ -903,19 +901,16 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
         else if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "not-detected") != 0)
         {
             flow_user->detected = 0;
+            flow_user->detection_finished = 1;
         }
         else if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "detected") != 0 ||
-                 TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "detection-update") != 0 ||
+                 TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "detection-update"))
-                 TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "update") != 0)
         {
             struct nDPIsrvd_json_token const * const flow_risk = TOKEN_GET_SZ(sock, "ndpi", "flow_risk");
             struct nDPIsrvd_json_token const * current = NULL;
             int next_child_index = -1;
 
-            if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "update") == 0)
+            flow_user->detected = 1;
-            {
-                flow_user->detected = 1;
-            }
 
             if (flow_risk != NULL)
             {
@@ -926,7 +921,6 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
                     if (str_value_to_ull(TOKEN_GET_KEY(sock, current, NULL), &numeric_risk_value) == CONVERSION_OK &&
                         numeric_risk_value < NDPI_MAX_RISK && has_ndpi_risk(&process_risky, numeric_risk_value) != 0)
                     {
-                        flow_user->detected = 1;
                         flow_user->risky = 1;
                     }
                 }
@@ -938,6 +932,11 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
              (flow_user->detected == 0 && process_undetected != 0) || (flow_user->risky != 0 && process_risky != 0) ||
              (flow_user->midstream != 0 && process_midstream != 0)))
         {
+            if (flow_user->guessed != 0 && flow_user->detected != 0)
+            {
+                log_event(sock, flow, "BUG: guessed and detected at the same time");
+            }
+
             if (logging_mode != 0)
             {
                 if (flow_user->guessed != 0)
@@ -954,7 +953,7 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
             {
                 if (capture_mode != 0)
                 {
-                    logger(0, "Flow %llu: No packets captured.", flow->id_as_ull);
+                    log_event(sock, flow, "No packets captured");
                 }
             }
             else if (capture_mode != 0)
@@ -965,15 +964,16 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
                     char pcap_filename[PATH_MAX];
                     if (flow_generate_pcap_filename(flow_user, pcap_filename, sizeof(pcap_filename)) == NULL)
                     {
-                        logger(1, "%s", "Internal error. Could not generate PCAP filename, exit ..");
+                        log_event(sock, flow, "Internal error. Could not generate PCAP filename, exit ..");
                         return CALLBACK_ERROR;
                     }
 #ifdef VERBOSE
                     printf("Flow %llu saved to %s\n", flow->id_as_ull, pcap_filename);
 #endif
+                    errno = 0;
                     if (flow_write_pcap_file(flow_user, pcap_filename) != 0)
                     {
-                        logger(1, "Could not dump packet data to pcap file %s", pcap_filename);
+                        logger(1, "Could not dump packet data to pcap file %s: %s", pcap_filename, strerror(errno));
                         return CALLBACK_OK;
                     }
                 }
@@ -1318,12 +1318,12 @@ int main(int argc, char ** argv)
     init_logging("nDPIsrvd-captured");
 
     ndpisrvd_socket = nDPIsrvd_socket_init(sizeof(struct global_user_data),
-                                0,
+                                           0,
-                                0,
+                                           0,
-                                sizeof(struct flow_user_data),
+                                           sizeof(struct flow_user_data),
-                                captured_json_callback,
+                                           captured_json_callback,
-                                NULL,
+                                           NULL,
-                                captured_flow_cleanup_callback);
+                                           captured_flow_cleanup_callback);
     if (ndpisrvd_socket == NULL)
     {
         fprintf(stderr, "%s: nDPIsrvd socket memory allocation failed!\n", argv[0]);

test/results/flow-captured/caches_cfg/teams.pcap.out

@@ -13,6 +13,8 @@ Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443
 Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443
 Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434
 Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434
+Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
+Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
 Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
 Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
 Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016

test/results/flow-captured/default/1kxun.pcap.out

@@ -10,18 +10,32 @@ Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355
 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53
 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53
 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355
+Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947
+Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976
+Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976
 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355
+Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678
 Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138
 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099
+Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976
+Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947
 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80
 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80
 Flow 45 risky: tcp 192.168.5.16:53623 -> 192.168.115.75:443
 Flow 87 risky: tcp 192.168.5.16:53625 -> 192.168.115.75:443
 Flow 107 risky: tcp 192.168.5.16:53626 -> 192.168.115.75:443
 Flow 117 risky: tcp 192.168.5.16:53629 -> 192.168.115.75:443
+Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976
+Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976
+Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976
+Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678
+Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678
 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80
 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80
+Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678
+Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678
 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355
+Flow 86 not-detected: udp 59.120.208.212:32768 -> 255.255.255.255:1947
 Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80
 Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80
 Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80

test/results/flow-captured/default/6in6tunnel.pcap.out

@@ -0,0 +1,2 @@
+Flow 1 not-detected: 41 2001:4f8:4:7:2e0:81ff:fe52:ffff -> 2001:4f8:4:7:2e0:81ff:fe52:9a6b
+Flow 2 not-detected: 41 feed::beef -> feed::cafe

test/results/flow-captured/default/anyconnect-vpn.pcap.out

@@ -15,5 +15,8 @@ Flow 44 risky: tcp 10.0.0.227:56886 -> 17.57.144.116:5223
 Flow 44 midstream: tcp 10.0.0.227:56886 -> 17.57.144.116:5223
 Flow 15 risky: tcp 10.0.0.227:56919 -> 8.37.102.91:443
 Flow 38 risky: tcp 10.0.0.227:56929 -> 8.37.102.91:443
+Flow 40 not-detected: tcp 10.0.0.227:56866 -> 10.0.0.151:8060
+Flow 40 midstream: tcp 10.0.0.227:56866 -> 10.0.0.151:8060
 Flow 62 risky: tcp 10.0.0.227:56954 -> 10.0.0.149:8008
 Flow 63 risky: tcp 10.0.0.227:56955 -> 10.0.0.151:8060
+Flow 60 not-detected: udp 10.0.0.227:52595 -> 10.0.0.1:192

test/results/flow-captured/default/custom_rules_ipv6.pcapng.out

@@ -0,0 +1,3 @@
+Flow 1 not-detected: udp 3ffe:507::1:200:86ff:fe05:80da:21554 -> 3ffe:501:4819::42:5333
+Flow 4 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12718 -> ff02::1:26993
+Flow 5 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12717 -> ff02::1:64315

test/results/flow-captured/default/custom_rules_same-ip_multiple_ports.pcapng.out

@@ -0,0 +1,2 @@
+Flow 3 not-detected: tcp 192.168.1.245:58288 -> 3.3.3.3:446
+Flow 2 not-detected: tcp 192.168.1.245:59682 -> 3.3.3.3:444

test/results/flow-captured/default/ftp.pcap.out

@@ -1,2 +1,3 @@
 Flow 1 risky: tcp 192.168.1.212:50694 -> 90.130.70.73:21
+Flow 3 not-detected: tcp 192.168.1.212:50696 -> 90.130.70.73:24523
 Flow 2 risky: tcp 192.168.1.212:50695 -> 90.130.70.73:25685

test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out

@@ -1,25 +1,69 @@
 Flow 17 risky: udp 192.168.1.2:138 -> 192.168.1.251:138
 Flow 22 risky: udp 192.168.1.2:2719 -> 192.168.1.1:53
+Flow 41 not-detected: tcp 192.168.1.2:2721 -> 147.234.1.253:58999
+Flow 41 midstream: tcp 192.168.1.2:2721 -> 147.234.1.253:58999
+Flow 9 not-detected: udp 192.168.1.2:2597 -> 192.168.1.1:29440
+Flow 5 not-detected: udp 192.168.1.2:2712 -> 192.168.1.1:49973
+Flow 15 not-detected: udp 192.168.1.1:9587 -> 192.168.1.2:156
+Flow 47 not-detected: udp 192.168.1.2:2724 -> 192.168.1.1:9587
+Flow 55 not-detected: udp 192.168.1.2:43690 -> 192.170.170.170:43690
 Flow 91 risky: udp 192.168.1.2:5060 -> 200.68.120.81:5060
 Flow 97 risky: udp 192.168.1.1:53 -> 192.168.1.2:2751
 Flow 100 risky: udp 192.168.1.2:4901 -> 200.68.120.81:29440
+Flow 78 not-detected: udp 192.168.1.2:2730 -> 192.168.1.1:43690
 Flow 111 risky: udp 192.168.1.2:2757 -> 192.168.1.1:53
+Flow 82 not-detected: udp 192.168.1.170:43690 -> 170.170.170.170:43690
 Flow 122 risky: udp 192.168.1.1:53 -> 192.168.1.2:2763
 Flow 123 risky: udp 192.168.1.2:2764 -> 192.168.1.1:53
 Flow 126 risky: udp 192.168.1.1:53 -> 192.168.1.2:2765
 Flow 141 risky: udp 192.168.1.2:138 -> 192.168.1.255:138
+Flow 124 not-detected: udp 192.168.1.2:43690 -> 170.170.170.170:43690
 Flow 147 risky: udp 192.168.1.2:2775 -> 192.168.1.1:53
+Flow 58 not-detected: 120 192.168.1.2 -> 212.242.33.35
+Flow 133 not-detected: udp 94.168.1.2:2768 -> 192.168.1.1:4
+Flow 135 not-detected: udp 192.168.1.1:117 -> 192.168.1.2:2769
 Flow 177 risky: udp 192.168.1.1:53 -> 240.168.1.2:2792
+Flow 162 not-detected: udp 212.242.33.35:9587 -> 192.168.1.2:196
+Flow 85 not-detected: 240 192.168.1.2 -> 192.168.1.1
+Flow 173 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690
+Flow 107 not-detected: 118 192.168.1.2 -> 200.68.120.81
 Flow 180 risky: udp 192.168.1.41:138 -> 192.168.1.255:138
 Flow 190 risky: udp 192.168.1.2:2793 -> 192.168.1.1:53
 Flow 193 risky: udp 192.168.1.2:2794 -> 192.168.1.1:53
 Flow 192 risky: udp 192.168.1.2:2795 -> 192.168.1.1:53
 Flow 197 risky: udp 192.168.1.2:2797 -> 192.168.1.1:53
+Flow 186 not-detected: udp 192.168.1.2:43690 -> 192.168.170.170:43690
 Flow 204 risky: udp 192.168.1.2:2801 -> 192.168.1.1:53
+Flow 136 not-detected: 127 192.168.1.2 -> 192.168.1.1
 Flow 214 risky: udp 192.168.1.1:53 -> 192.168.1.2:2807
+Flow 195 not-detected: udp 192.168.170.170:43690 -> 170.170.170.170:43690
+Flow 149 not-detected: 0 192.168.1.2 -> 192.168.1.255
+Flow 203 not-detected: udp 192.168.1.2:2800 -> 192.168.1.1:21
 Flow 230 risky: udp 192.168.1.2:2815 -> 192.168.1.1:53
+Flow 157 not-detected: 19 192.168.1.2 -> 192.168.1.1
+Flow 117 not-detected: 37 192.168.1.1 -> 192.168.1.2
+Flow 211 not-detected: udp 192.168.1.2:2805 -> 192.168.1.1:51
+Flow 215 not-detected: udp 192.168.1.2:2808 -> 192.168.1.1:38709
+Flow 166 not-detected: 0 192.168.1.1 -> 192.168.1.2
 Flow 243 risky: udp 192.168.1.2:138 -> 192.168.1.255:138
 Flow 244 risky: udp 192.168.1.2:2826 -> 192.168.1.1:53
+Flow 33 not-detected: tcp 147.234.1.253:1045 -> 192.168.1.2:2720
+Flow 33 midstream: tcp 147.234.1.253:1045 -> 192.168.1.2:2720
+Flow 29 not-detected: tcp 147.234.1.170:43690 -> 170.170.170.170:43690
+Flow 205 not-detected: 0 192.168.1.2 -> 212.242.33.35
 Flow 249 risky: udp 192.168.1.1:53 -> 192.168.1.2:2572
+Flow 42 not-detected: tcp 147.234.1.253:58999 -> 192.232.1.2:2721
+Flow 42 midstream: tcp 147.234.1.253:58999 -> 192.232.1.2:2721
+Flow 39 not-detected: tcp 192.168.1.6:2721 -> 147.234.1.253:58999
 Flow 254 risky: udp 192.168.1.2:2830 -> 192.168.1.1:53
+Flow 40 not-detected: tcp 37.115.0.253:58999 -> 192.168.1.2:2721
+Flow 37 not-detected: 170 170.170.170.170 -> 170.170.170.170
+Flow 30 not-detected: tcp 147.234.1.249:2069 -> 192.168.1.2:2720
+Flow 30 midstream: tcp 147.234.1.249:2069 -> 192.168.1.2:2720
 Flow 32 midstream: tcp 147.234.1.253:21 -> 192.168.1.2:2732
+Flow 237 not-detected: udp 81.168.1.2:30000 -> 212.242.33.36:40392
+Flow 28 not-detected: tcp 147.234.1.253:120 -> 192.168.1.2:2720
+Flow 28 midstream: tcp 147.234.1.253:120 -> 192.168.1.2:2720
+Flow 233 not-detected: udp 192.168.1.3:30000 -> 212.242.33.36:40392
+Flow 236 not-detected: udp 192.168.1.2:30000 -> 214.242.33.36:40392
+Flow 234 not-detected: udp 192.168.1.2:30000 -> 37.115.0.36:40392

test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out

@@ -1,6 +1,11 @@
 Flow 34 risky: tcp 172.20.3.13:53136 -> 172.20.3.5:80
 Flow 34 midstream: tcp 172.20.3.13:53136 -> 172.20.3.5:80
+Flow 39 not-detected: 115 172.20.3.13 -> 172.20.3.5
+Flow 24 not-detected: tcp 170.170.170.170:43690 -> 170.170.170.170:43690
 Flow 11 risky: tcp 172.20.3.5:2602 -> 172.20.3.13:80
 Flow 11 midstream: tcp 172.20.3.5:2602 -> 172.20.3.13:80
+Flow 3 not-detected: tcp 172.20.3.13:81 -> 172.20.3.5:2601
+Flow 3 midstream: tcp 172.20.3.13:81 -> 172.20.3.5:2601
 Flow 18 risky: tcp 172.20.3.5:2604 -> 172.20.3.13:80
 Flow 27 risky: tcp 172.20.3.5:2606 -> 172.20.3.13:80
+Flow 10 not-detected: 170 170.170.170.170 -> 170.170.170.170

test/results/flow-captured/default/fuzz-2020-02-16-11740.pcap.out

@@ -0,0 +1,19 @@
+Flow 4 not-detected: udp 10.12.64.30:29200 -> 198.226.25.53:1796
+Flow 6 not-detected: udp 198.226.25.53:30764 -> 10.12.64.30:12344
+Flow 10 not-detected: udp 198.226.25.53:309 -> 10.12.64.30:12339
+Flow 7 not-detected: udp 198.226.170.170:43690 -> 170.170.170.170:43690
+Flow 13 not-detected: udp 198.162.25.53:1810 -> 10.12.64.30:29200
+Flow 11 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690
+Flow 25 not-detected: udp 198.226.25.53:1895 -> 10.12.64.30:29200
+Flow 17 not-detected: 88 198.226.25.53 -> 10.12.64.30
+Flow 18 not-detected: 254 10.12.64.30 -> 198.226.25.53
+Flow 23 not-detected: 85 198.226.25.62 -> 10.12.64.30
+Flow 43 not-detected: udp 198.226.25.53:1965 -> 10.12.64.30:29200
+Flow 47 not-detected: udp 198.226.25.53:43690 -> 10.12.170.170:43690
+Flow 44 not-detected: 0 10.12.64.30 -> 198.226.25.53
+Flow 64 not-detected: udp 198.226.25.53:3860 -> 14.12.64.30:29200
+Flow 68 not-detected: udp 198.226.25.53:43028 -> 10.12.64.30:29200
+Flow 40 not-detected: 170 170.170.170.170 -> 170.170.170.170
+Flow 74 not-detected: udp 198.226.25.53:1814 -> 10.12.64.30:29200
+Flow 75 not-detected: udp 57.12.64.30:29200 -> 198.226.25.53:28948
+Flow 79 not-detected: 37 198.226.25.53 -> 10.12.64.30

test/results/flow-captured/default/gnutella.pcap.out

@@ -187,9 +187,13 @@ Flow 77 risky: tcp 10.0.2.15:50236 -> 93.29.135.209:6346
 Flow 73 risky: tcp 10.0.2.15:50232 -> 182.155.242.225:15068
 Flow 67 risky: tcp 10.0.2.15:50226 -> 116.241.162.162:15677
 Flow 119 risky: tcp 10.0.2.15:50250 -> 27.94.154.53:6346
+Flow 42 not-detected: tcp 10.0.2.15:50202 -> 61.238.173.128:57648
 Flow 36 risky: tcp 10.0.2.15:50197 -> 118.168.15.71:3931
 Flow 121 risky: tcp 10.0.2.15:50252 -> 123.202.31.113:19768
+Flow 63 not-detected: tcp 10.0.2.15:50222 -> 119.14.143.237:6523
+Flow 61 not-detected: tcp 10.0.2.15:50220 -> 36.233.196.226:3820
 Flow 43 risky: tcp 10.0.2.15:50203 -> 61.222.160.99:18994
+Flow 69 not-detected: tcp 10.0.2.15:50228 -> 111.241.31.96:14384
 Flow 122 risky: tcp 10.0.2.15:50253 -> 103.232.107.100:43508
 Flow 38 risky: tcp 10.0.2.15:50199 -> 47.147.52.21:36728
 Flow 51 risky: tcp 10.0.2.15:50211 -> 14.199.10.60:23458
@@ -204,14 +208,17 @@ Flow 289 risky: tcp 10.0.2.15:50313 -> 96.65.68.194:35481
 Flow 223 risky: tcp 10.0.2.15:50269 -> 218.103.139.2:3186
 Flow 148 risky: tcp 10.0.2.15:50261 -> 156.57.42.2:33476
 Flow 280 risky: tcp 10.0.2.15:50304 -> 85.168.34.105:39908
+Flow 143 not-detected: tcp 10.0.2.15:50256 -> 36.233.201.161:2886
 Flow 285 risky: tcp 10.0.2.15:50309 -> 60.241.48.194:21301
 Flow 283 risky: tcp 10.0.2.15:50307 -> 176.99.176.20:6346
 Flow 149 risky: tcp 10.0.2.15:50262 -> 80.61.221.246:30577
 Flow 295 risky: tcp 10.0.2.15:50319 -> 185.187.74.173:53489
 Flow 298 risky: tcp 10.0.2.15:50322 -> 164.132.10.25:55302
+Flow 237 not-detected: tcp 10.0.2.15:50283 -> 51.68.153.214:35004
 Flow 269 risky: tcp 10.0.2.15:50293 -> 97.83.183.148:8890
 Flow 296 risky: tcp 10.0.2.15:50320 -> 194.163.180.126:10825
 Flow 284 risky: tcp 10.0.2.15:50308 -> 193.37.255.130:61616
+Flow 153 not-detected: tcp 10.0.2.15:50266 -> 219.70.175.103:4315
 Flow 37 risky: tcp 10.0.2.15:50198 -> 86.129.196.84:9915
 Flow 287 risky: tcp 10.0.2.15:50311 -> 149.28.163.175:49956
 Flow 291 risky: tcp 10.0.2.15:50315 -> 45.31.152.112:26851
@@ -241,6 +248,11 @@ Flow 364 risky: udp 10.0.2.15:28681 -> 194.163.180.126:10825
 Flow 367 risky: udp 10.0.2.15:28681 -> 149.28.163.175:49956
 Flow 267 risky: tcp 10.0.2.15:50291 -> 200.7.155.210:28365
 Flow 345 risky: tcp 10.0.2.15:50330 -> 69.118.162.229:46906
+Flow 220 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:9239
+Flow 31 not-detected: tcp 10.0.2.15:50193 -> 89.75.52.19:46010
+Flow 28 not-detected: tcp 10.0.2.15:50190 -> 80.140.63.147:29545
+Flow 30 not-detected: tcp 10.0.2.15:50192 -> 45.65.87.24:16201
+Flow 29 not-detected: tcp 10.0.2.15:50191 -> 207.38.163.228:6778
 Flow 371 risky: udp 10.0.2.15:28681 -> 109.131.202.24:44748
 Flow 370 risky: udp 10.0.2.15:28681 -> 91.172.56.198:11984
 Flow 374 risky: udp 10.0.2.15:28681 -> 62.35.190.5:18604
@@ -302,6 +314,8 @@ Flow 489 risky: udp 10.0.2.15:28681 -> 108.44.45.25:6346
 Flow 487 risky: udp 10.0.2.15:28681 -> 24.78.134.188:49046
 Flow 491 risky: udp 10.0.2.15:28681 -> 36.233.42.210:5512
 Flow 492 risky: udp 10.0.2.15:28681 -> 172.94.41.71:6346
+Flow 90 not-detected: tcp 10.0.2.15:50245 -> 73.62.225.181:46843
+Flow 300 not-detected: udp 10.0.2.15:28681 -> 104.238.172.250:23548
 Flow 509 risky: udp 10.0.2.15:28681 -> 92.142.109.190:41370
 Flow 511 risky: udp 10.0.2.15:28681 -> 68.47.223.27:6346
 Flow 496 risky: udp 10.0.2.15:28681 -> 218.173.230.98:19004
@@ -328,21 +342,318 @@ Flow 519 risky: udp 10.0.2.15:28681 -> 219.70.48.23:8070
 Flow 510 risky: udp 10.0.2.15:28681 -> 79.94.85.113:6346
 Flow 497 risky: udp 10.0.2.15:28681 -> 84.100.76.123:39628
 Flow 515 risky: udp 10.0.2.15:28681 -> 220.137.106.173:11625
+Flow 301 not-detected: udp 10.0.2.15:28681 -> 188.61.52.183:11852
+Flow 243 not-detected: udp 10.0.2.15:28681 -> 104.156.226.72:53258
+Flow 242 not-detected: udp 10.0.2.15:28681 -> 75.133.101.93:52367
 Flow 750 risky: udp 10.0.2.15:28681 -> 67.193.8.52:38584
 Flow 752 risky: udp 10.0.2.15:28681 -> 78.231.73.14:6346
 Flow 748 risky: udp 10.0.2.15:28681 -> 92.8.59.80:35192
 Flow 751 risky: udp 10.0.2.15:28681 -> 142.115.218.152:5900
 Flow 749 risky: udp 10.0.2.15:28681 -> 78.159.27.22:17563
 Flow 753 risky: udp 10.0.2.15:28681 -> 165.84.140.96:14400
+Flow 369 not-detected: udp 10.0.2.15:28681 -> 89.187.171.240:6346
 Flow 755 risky: udp 10.0.2.15:28681 -> 83.134.107.32:38836
 Flow 756 risky: udp 10.0.2.15:28681 -> 41.100.68.255:12838
+Flow 398 not-detected: udp 10.0.2.15:28681 -> 62.102.148.166:31332
+Flow 392 not-detected: udp 10.0.2.15:28681 -> 42.0.69.215:12608
+Flow 304 not-detected: udp 10.0.2.15:28681 -> 193.32.126.214:59596
+Flow 389 not-detected: udp 10.0.2.15:28681 -> 94.215.183.71:31310
+Flow 385 not-detected: udp 10.0.2.15:28681 -> 66.223.143.31:47978
+Flow 399 not-detected: udp 10.0.2.15:28681 -> 175.39.219.223:31728
+Flow 303 not-detected: udp 10.0.2.15:28681 -> 142.132.165.13:30566
+Flow 395 not-detected: udp 10.0.2.15:28681 -> 191.114.88.39:18751
+Flow 387 not-detected: udp 10.0.2.15:28681 -> 220.135.8.7:1219
+Flow 390 not-detected: udp 10.0.2.15:28681 -> 144.134.132.206:16401
+Flow 391 not-detected: udp 10.0.2.15:28681 -> 161.81.38.67:9539
+Flow 397 not-detected: udp 10.0.2.15:28681 -> 80.7.252.192:24634
+Flow 396 not-detected: udp 10.0.2.15:28681 -> 112.119.59.24:28755
+Flow 483 not-detected: udp 10.0.2.2:1026 -> 10.0.2.15:28681
 Flow 759 risky: udp 10.0.2.15:28681 -> 104.238.172.250:23548
 Flow 757 risky: udp 10.0.2.15:28681 -> 104.156.226.72:53258
+Flow 577 not-detected: udp 10.0.2.15:28681 -> 59.148.100.237:23459
+Flow 586 not-detected: udp 10.0.2.15:28681 -> 221.124.66.33:13060
+Flow 618 not-detected: udp 10.0.2.15:28681 -> 1.172.184.48:13281
+Flow 377 not-detected: udp 10.0.2.15:28681 -> 180.200.236.13:12082
+Flow 526 not-detected: udp 10.0.2.15:28681 -> 36.234.197.93:1483
+Flow 669 not-detected: udp 10.0.2.15:28681 -> 218.164.200.235:2846
+Flow 609 not-detected: udp 10.0.2.15:28681 -> 116.241.162.162:59016
+Flow 690 not-detected: udp 10.0.2.15:28681 -> 61.18.212.223:50637
+Flow 441 not-detected: udp 10.0.2.15:28681 -> 36.237.199.108:56040
+Flow 700 not-detected: udp 10.0.2.15:28681 -> 91.206.27.26:6578
+Flow 450 not-detected: udp 10.0.2.15:28681 -> 113.252.206.254:23458
+Flow 592 not-detected: udp 10.0.2.15:28681 -> 1.36.249.91:7190
+Flow 701 not-detected: udp 10.0.2.15:28681 -> 119.237.190.184:64163
+Flow 479 not-detected: udp 10.0.2.15:28681 -> 123.205.13.148:51896
+Flow 603 not-detected: udp 10.0.2.15:28681 -> 1.36.249.91:64577
+Flow 394 not-detected: udp 10.0.2.15:28681 -> 165.84.134.136:21407
+Flow 740 not-detected: udp 10.0.2.15:28681 -> 36.237.25.47:21293
+Flow 646 not-detected: udp 10.0.2.15:28681 -> 36.237.10.152:21293
+Flow 621 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3227
+Flow 733 not-detected: udp 10.0.2.15:28681 -> 99.199.148.6:4338
+Flow 597 not-detected: udp 10.0.2.15:28681 -> 36.236.203.37:52274
+Flow 675 not-detected: udp 10.0.2.15:28681 -> 123.205.118.77:62191
+Flow 738 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3256
+Flow 628 not-detected: udp 10.0.2.15:28681 -> 45.65.87.24:16201
+Flow 616 not-detected: udp 10.0.2.15:28681 -> 220.208.167.152:30628
+Flow 596 not-detected: udp 10.0.2.15:28681 -> 61.18.212.223:58954
+Flow 474 not-detected: udp 10.0.2.15:28681 -> 80.61.221.246:45880
+Flow 713 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:51379
+Flow 593 not-detected: udp 10.0.2.15:28681 -> 124.218.26.16:9747
+Flow 571 not-detected: udp 10.0.2.15:28681 -> 114.40.163.123:55341
+Flow 524 not-detected: udp 10.0.2.15:28681 -> 80.193.171.146:65362
+Flow 642 not-detected: udp 10.0.2.15:28681 -> 220.39.142.122:6346
+Flow 477 not-detected: udp 10.0.2.15:28681 -> 94.54.66.82:45640
+Flow 444 not-detected: udp 10.0.2.15:28681 -> 122.117.100.78:9010
+Flow 572 not-detected: udp 10.0.2.15:28681 -> 86.153.21.93:36696
+Flow 478 not-detected: udp 10.0.2.15:28681 -> 36.235.85.44:64914
+Flow 449 not-detected: udp 10.0.2.15:28681 -> 61.238.173.128:8826
+Flow 649 not-detected: udp 10.0.2.15:28681 -> 122.117.100.78:56128
+Flow 461 not-detected: udp 10.0.2.15:28681 -> 69.27.193.124:50555
+Flow 520 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3339
+Flow 335 not-detected: udp 10.0.2.15:28681 -> 14.200.255.229:37058
+Flow 635 not-detected: udp 10.0.2.15:28681 -> 219.70.48.23:2556
+Flow 636 not-detected: udp 10.0.2.15:28681 -> 80.193.171.146:53143
+Flow 637 not-detected: udp 10.0.2.15:28681 -> 36.233.194.73:1995
+Flow 676 not-detected: udp 10.0.2.15:28681 -> 1.64.208.110:55550
+Flow 722 not-detected: udp 10.0.2.15:28681 -> 213.32.245.121:12333
+Flow 578 not-detected: udp 10.0.2.15:28681 -> 77.205.243.44:46006
+Flow 737 not-detected: udp 10.0.2.15:28681 -> 174.115.127.251:23897
+Flow 584 not-detected: udp 10.0.2.15:28681 -> 80.193.171.146:18360
+Flow 472 not-detected: udp 10.0.2.15:28681 -> 94.54.66.82:45744
+Flow 471 not-detected: udp 10.0.2.15:28681 -> 80.7.252.192:43457
+Flow 744 not-detected: udp 10.0.2.15:28681 -> 164.132.10.25:48250
+Flow 707 not-detected: udp 10.0.2.15:28681 -> 183.179.14.31:64871
+Flow 476 not-detected: udp 10.0.2.15:28681 -> 98.18.172.208:63172
+Flow 381 not-detected: udp 10.0.2.15:28681 -> 77.58.211.52:3806
+Flow 683 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:54459
+Flow 386 not-detected: udp 10.0.2.15:28681 -> 85.172.10.90:40162
+Flow 619 not-detected: udp 10.0.2.15:28681 -> 1.163.14.246:1630
+Flow 691 not-detected: udp 10.0.2.15:28681 -> 61.93.150.146:62507
+Flow 620 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:53516
+Flow 667 not-detected: udp 10.0.2.15:28681 -> 223.18.211.177:18085
+Flow 720 not-detected: udp 10.0.2.15:28681 -> 76.26.178.132:10053
+Flow 443 not-detected: udp 10.0.2.15:28681 -> 183.179.14.31:54754
+Flow 697 not-detected: udp 10.0.2.15:28681 -> 14.199.10.60:53906
+Flow 622 not-detected: udp 10.0.2.15:28681 -> 36.234.18.166:61319
+Flow 714 not-detected: udp 10.0.2.15:28681 -> 76.174.174.69:21358
+Flow 614 not-detected: udp 10.0.2.15:28681 -> 123.205.118.77:60482
+Flow 746 not-detected: udp 10.0.2.15:28681 -> 123.205.126.102:5193
+Flow 606 not-detected: udp 10.0.2.15:28681 -> 149.28.163.175:42288
+Flow 739 not-detected: udp 10.0.2.15:28681 -> 104.156.226.72:19814
+Flow 587 not-detected: udp 10.0.2.15:28681 -> 94.134.154.158:54130
+Flow 550 not-detected: udp 10.0.2.15:28681 -> 220.238.145.82:33527
+Flow 688 not-detected: udp 10.0.2.15:28681 -> 114.36.234.196:11629
+Flow 670 not-detected: udp 10.0.2.15:28681 -> 36.236.203.37:52669
+Flow 598 not-detected: udp 10.0.2.15:28681 -> 1.172.184.48:1512
+Flow 685 not-detected: udp 10.0.2.15:28681 -> 111.241.31.96:8349
+Flow 721 not-detected: udp 10.0.2.15:28681 -> 123.203.72.224:9897
+Flow 631 not-detected: udp 10.0.2.15:28681 -> 36.231.59.187:62234
+Flow 591 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:53707
+Flow 594 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7375
+Flow 613 not-detected: udp 10.0.2.15:28681 -> 119.247.152.218:51920
+Flow 617 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7380
+Flow 582 not-detected: udp 10.0.2.15:28681 -> 223.16.83.5:10624
+Flow 568 not-detected: udp 10.0.2.15:28681 -> 123.205.118.77:56562
+Flow 446 not-detected: udp 10.0.2.15:28681 -> 61.70.199.107:60475
+Flow 470 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:46790
+Flow 623 not-detected: udp 10.0.2.15:28681 -> 210.209.249.84:24751
+Flow 629 not-detected: udp 10.0.2.15:28681 -> 14.200.255.229:45710
+Flow 692 not-detected: udp 10.0.2.15:28681 -> 76.110.153.177:40022
+Flow 604 not-detected: udp 10.0.2.15:28681 -> 123.202.31.113:53291
+Flow 718 not-detected: udp 10.0.2.15:28681 -> 218.102.208.175:9167
+Flow 447 not-detected: udp 10.0.2.15:28681 -> 14.199.10.60:23458
+Flow 451 not-detected: udp 10.0.2.15:28681 -> 218.35.66.21:22234
+Flow 600 not-detected: udp 10.0.2.15:28681 -> 1.64.156.63:60092
+Flow 645 not-detected: udp 10.0.2.15:28681 -> 59.104.173.5:49803
+Flow 661 not-detected: udp 10.0.2.15:28681 -> 24.127.1.235:37814
+Flow 626 not-detected: udp 10.0.2.15:28681 -> 59.104.173.5:49815
+Flow 384 not-detected: udp 10.0.2.15:28681 -> 75.64.6.175:4743
+Flow 378 not-detected: udp 10.0.2.15:28681 -> 118.241.204.61:43366
+Flow 703 not-detected: udp 10.0.2.15:28681 -> 114.40.67.191:14971
+Flow 656 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:54914
+Flow 727 not-detected: udp 10.0.2.15:28681 -> 101.136.187.253:10914
+Flow 456 not-detected: udp 10.0.2.15:28681 -> 89.241.112.255:14766
+Flow 521 not-detected: udp 10.0.2.15:28681 -> 113.255.250.32:23458
+Flow 375 not-detected: udp 10.0.2.15:28681 -> 73.182.136.42:27873
+Flow 455 not-detected: udp 10.0.2.15:28681 -> 58.153.206.183:16919
+Flow 453 not-detected: udp 10.0.2.15:28681 -> 74.127.26.138:3083
+Flow 704 not-detected: udp 10.0.2.15:28681 -> 123.192.83.59:33513
+Flow 641 not-detected: udp 10.0.2.15:28681 -> 36.233.199.103:2625
+Flow 460 not-detected: udp 10.0.2.15:28681 -> 210.194.116.78:8342
+Flow 717 not-detected: udp 10.0.2.15:28681 -> 79.191.58.38:48157
+Flow 742 not-detected: udp 10.0.2.15:28681 -> 194.163.180.126:36780
+Flow 454 not-detected: udp 10.0.2.15:28681 -> 223.16.121.156:23183
+Flow 674 not-detected: udp 10.0.2.15:28681 -> 219.70.1.236:9369
+Flow 672 not-detected: udp 10.0.2.15:28681 -> 223.16.83.5:4765
+Flow 681 not-detected: udp 10.0.2.15:28681 -> 61.220.41.241:53072
+Flow 640 not-detected: udp 10.0.2.15:28681 -> 1.36.249.91:65430
+Flow 682 not-detected: udp 10.0.2.15:28681 -> 203.220.198.244:50896
+Flow 679 not-detected: udp 10.0.2.15:28681 -> 113.252.83.132:57131
+Flow 694 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:6514
+Flow 469 not-detected: udp 10.0.2.15:28681 -> 87.123.54.234:47184
+Flow 665 not-detected: udp 10.0.2.15:28681 -> 82.36.106.134:3927
+Flow 660 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:6527
+Flow 615 not-detected: udp 10.0.2.15:28681 -> 74.195.236.249:18557
+Flow 716 not-detected: udp 10.0.2.15:28681 -> 98.249.190.8:25198
+Flow 731 not-detected: udp 10.0.2.15:28681 -> 50.58.238.163:6564
+Flow 388 not-detected: udp 10.0.2.15:28681 -> 121.7.145.36:33905
+Flow 735 not-detected: udp 10.0.2.15:28681 -> 45.31.152.112:52420
+Flow 747 not-detected: udp 10.0.2.15:28681 -> 50.58.238.163:6599
+Flow 634 not-detected: udp 10.0.2.15:28681 -> 24.179.18.242:47329
+Flow 527 not-detected: udp 10.0.2.15:28681 -> 42.72.149.140:37848
+Flow 643 not-detected: udp 10.0.2.15:28681 -> 31.20.248.147:30706
+Flow 711 not-detected: udp 10.0.2.15:28681 -> 220.129.86.65:49723
+Flow 563 not-detected: udp 10.0.2.15:28681 -> 112.105.52.2:6831
+Flow 639 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7849
+Flow 729 not-detected: udp 10.0.2.15:28681 -> 114.47.227.91:54463
+Flow 732 not-detected: udp 10.0.2.15:28681 -> 85.168.34.105:39908
+Flow 633 not-detected: udp 10.0.2.15:28681 -> 68.174.18.115:50679
+Flow 607 not-detected: udp 10.0.2.15:28681 -> 111.241.31.96:4814
+Flow 705 not-detected: udp 10.0.2.15:28681 -> 124.218.26.16:8658
+Flow 698 not-detected: udp 10.0.2.15:28681 -> 70.81.219.111:19210
+Flow 595 not-detected: udp 10.0.2.15:28681 -> 175.182.21.156:13732
+Flow 723 not-detected: udp 10.0.2.15:28681 -> 175.39.219.223:13482
+Flow 376 not-detected: udp 10.0.2.15:28681 -> 156.57.42.2:33476
+Flow 673 not-detected: udp 10.0.2.15:28681 -> 125.59.215.249:14571
+Flow 611 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:59384
+Flow 724 not-detected: udp 10.0.2.15:28681 -> 1.65.217.224:9070
+Flow 666 not-detected: udp 10.0.2.15:28681 -> 159.196.95.223:2003
+Flow 644 not-detected: udp 10.0.2.15:28681 -> 173.22.22.94:34245
+Flow 648 not-detected: udp 10.0.2.15:28681 -> 180.218.135.222:4548
+Flow 579 not-detected: udp 10.0.2.15:28681 -> 223.16.170.108:23458
+Flow 677 not-detected: udp 10.0.2.15:28681 -> 223.16.83.5:9128
+Flow 706 not-detected: udp 10.0.2.15:28681 -> 218.164.200.235:1968
+Flow 654 not-detected: udp 10.0.2.15:28681 -> 84.118.116.198:44616
+Flow 725 not-detected: udp 10.0.2.15:28681 -> 219.91.30.216:61635
+Flow 302 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:53489
+Flow 668 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:64731
+Flow 741 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:4364
+Flow 696 not-detected: udp 10.0.2.15:28681 -> 188.165.203.190:55050
+Flow 585 not-detected: udp 10.0.2.15:28681 -> 51.68.153.214:35004
+Flow 686 not-detected: udp 10.0.2.15:28681 -> 119.14.143.237:13965
+Flow 662 not-detected: udp 10.0.2.15:28681 -> 96.59.117.166:33192
+Flow 602 not-detected: udp 10.0.2.15:28681 -> 123.203.72.224:53658
+Flow 589 not-detected: udp 10.0.2.15:28681 -> 113.255.250.32:52647
+Flow 653 not-detected: udp 10.0.2.15:28681 -> 82.12.1.136:6348
+Flow 458 not-detected: udp 10.0.2.15:28681 -> 118.165.228.167:12201
+Flow 525 not-detected: udp 10.0.2.15:28681 -> 113.255.250.32:52660
+Flow 610 not-detected: udp 10.0.2.15:28681 -> 61.10.174.159:4841
+Flow 734 not-detected: udp 10.0.2.15:28681 -> 113.252.91.201:4297
+Flow 627 not-detected: udp 10.0.2.15:28681 -> 73.62.225.181:46843
+Flow 380 not-detected: udp 10.0.2.15:28681 -> 83.86.49.195:12019
+Flow 702 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10728
+Flow 650 not-detected: udp 10.0.2.15:28681 -> 114.47.227.91:58856
+Flow 581 not-detected: udp 10.0.2.15:28681 -> 58.115.108.10:4641
+Flow 612 not-detected: udp 10.0.2.15:28681 -> 106.104.88.139:7423
+Flow 583 not-detected: udp 10.0.2.15:28681 -> 87.75.180.80:35361
+Flow 671 not-detected: udp 10.0.2.15:28681 -> 180.218.135.222:49867
+Flow 574 not-detected: udp 10.0.2.15:28681 -> 223.17.132.18:23458
+Flow 678 not-detected: udp 10.0.2.15:28681 -> 150.116.225.105:51438
+Flow 715 not-detected: udp 10.0.2.15:28681 -> 219.71.72.88:58808
+Flow 659 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10791
+Flow 457 not-detected: udp 10.0.2.15:28681 -> 119.247.240.113:13867
+Flow 564 not-detected: udp 10.0.2.15:28681 -> 61.222.160.99:53144
+Flow 647 not-detected: udp 10.0.2.15:28681 -> 61.18.212.223:58290
+Flow 699 not-detected: udp 10.0.2.15:28681 -> 77.222.213.44:26536
+Flow 651 not-detected: udp 10.0.2.15:28681 -> 1.64.156.63:65023
+Flow 658 not-detected: udp 10.0.2.15:28681 -> 119.14.143.237:8075
+Flow 712 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:59978
+Flow 657 not-detected: udp 10.0.2.15:28681 -> 61.222.160.99:53195
+Flow 576 not-detected: udp 10.0.2.15:28681 -> 104.238.172.250:42925
+Flow 570 not-detected: udp 10.0.2.15:28681 -> 97.83.183.148:8890
+Flow 680 not-detected: udp 10.0.2.15:28681 -> 61.227.198.100:6910
+Flow 566 not-detected: udp 10.0.2.15:28681 -> 58.176.62.40:52755
+Flow 599 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:59875
+Flow 601 not-detected: udp 10.0.2.15:28681 -> 113.255.200.161:65274
+Flow 638 not-detected: udp 10.0.2.15:28681 -> 182.155.242.225:15068
+Flow 463 not-detected: udp 10.0.2.15:28681 -> 200.7.155.210:28365
+Flow 726 not-detected: udp 10.0.2.15:28681 -> 1.171.82.65:50072
+Flow 452 not-detected: udp 10.0.2.15:28681 -> 68.227.193.37:27481
+Flow 608 not-detected: udp 10.0.2.15:28681 -> 1.163.14.246:23461
+Flow 736 not-detected: udp 10.0.2.15:28681 -> 118.166.252.163:14391
+Flow 448 not-detected: udp 10.0.2.15:28681 -> 116.241.162.162:15677
+Flow 549 not-detected: udp 10.0.2.15:28681 -> 84.211.151.48:11105
+Flow 459 not-detected: udp 10.0.2.15:28681 -> 100.89.84.59:11603
+Flow 625 not-detected: udp 10.0.2.15:28681 -> 113.252.206.254:49737
+Flow 580 not-detected: udp 10.0.2.15:28681 -> 76.119.55.28:20347
+Flow 624 not-detected: udp 10.0.2.15:28681 -> 61.238.173.128:57492
+Flow 567 not-detected: udp 10.0.2.15:28681 -> 58.176.62.40:52889
+Flow 684 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:54436
+Flow 743 not-detected: udp 10.0.2.15:28681 -> 27.94.154.53:6346
+Flow 730 not-detected: udp 10.0.2.15:28681 -> 124.217.188.105:62849
+Flow 710 not-detected: udp 10.0.2.15:28681 -> 113.254.140.225:63637
+Flow 709 not-detected: udp 10.0.2.15:28681 -> 223.16.121.156:3624
+Flow 687 not-detected: udp 10.0.2.15:28681 -> 66.30.221.181:53454
+Flow 445 not-detected: udp 10.0.2.15:28681 -> 118.165.153.100:4509
+Flow 652 not-detected: udp 10.0.2.15:28681 -> 94.139.21.182:50110
+Flow 569 not-detected: udp 10.0.2.15:28681 -> 73.89.249.8:50649
+Flow 393 not-detected: udp 10.0.2.15:28681 -> 58.115.158.103:5110
+Flow 464 not-detected: udp 10.0.2.15:28681 -> 101.128.66.8:34512
+Flow 522 not-detected: udp 10.0.2.15:28681 -> 119.247.152.218:51153
+Flow 480 not-detected: udp 10.0.2.15:28681 -> 112.119.74.26:65498
+Flow 382 not-detected: udp 10.0.2.15:28681 -> 76.175.11.126:40958
+Flow 590 not-detected: udp 10.0.2.15:28681 -> 95.10.205.67:48380
+Flow 605 not-detected: udp 10.0.2.15:28681 -> 180.149.125.139:6578
+Flow 689 not-detected: udp 10.0.2.15:28681 -> 1.65.217.224:3688
+Flow 664 not-detected: udp 10.0.2.15:28681 -> 1.172.183.237:4983
+Flow 708 not-detected: udp 10.0.2.15:28681 -> 124.244.68.65:51967
+Flow 655 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:2566
+Flow 728 not-detected: udp 10.0.2.15:28681 -> 112.10.134.44:19739
+Flow 548 not-detected: udp 10.0.2.15:28681 -> 74.50.147.205:17735
+Flow 632 not-detected: udp 10.0.2.15:28681 -> 188.149.2.44:20964
+Flow 475 not-detected: udp 10.0.2.15:28681 -> 188.61.52.183:63978
+Flow 473 not-detected: udp 10.0.2.15:28681 -> 142.132.165.13:33564
+Flow 575 not-detected: udp 10.0.2.15:28681 -> 123.202.31.113:19768
+Flow 588 not-detected: udp 10.0.2.15:28681 -> 219.70.175.103:4315
+Flow 379 not-detected: udp 10.0.2.15:28681 -> 80.140.63.147:29545
+Flow 719 not-detected: udp 10.0.2.15:28681 -> 219.85.11.85:10722
+Flow 442 not-detected: udp 10.0.2.15:28681 -> 89.204.130.55:29545
+Flow 630 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:3931
+Flow 565 not-detected: udp 10.0.2.15:28681 -> 114.45.40.28:2656
+Flow 523 not-detected: udp 10.0.2.15:28681 -> 1.162.138.200:24018
+Flow 693 not-detected: udp 10.0.2.15:28681 -> 98.215.130.156:12405
 Flow 760 risky: udp 10.0.2.15:138 -> 10.0.2.255:138
 Flow 764 risky: udp 10.0.2.15:28681 -> 208.92.106.151:32476
 Flow 762 risky: udp 10.0.2.15:28681 -> 86.75.43.182:43502
 Flow 763 risky: udp 10.0.2.15:28681 -> 85.170.209.214:46210
 Flow 761 risky: udp 10.0.2.15:28681 -> 195.132.75.56:56009
+Flow 544 not-detected: udp 10.0.2.15:28681 -> 111.184.29.35:30582
+Flow 533 not-detected: udp 10.0.2.15:28681 -> 36.229.185.60:6898
+Flow 553 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3259
+Flow 546 not-detected: udp 10.0.2.15:28681 -> 38.142.119.234:49867
+Flow 531 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:51497
+Flow 534 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:54436
+Flow 562 not-detected: udp 10.0.2.15:28681 -> 112.119.242.110:59879
+Flow 542 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:51675
+Flow 551 not-detected: udp 10.0.2.15:28681 -> 92.24.129.230:14766
+Flow 555 not-detected: udp 10.0.2.15:28681 -> 124.218.26.16:20387
+Flow 538 not-detected: udp 10.0.2.15:28681 -> 124.218.41.253:14339
+Flow 536 not-detected: udp 10.0.2.15:28681 -> 118.167.222.160:56121
+Flow 558 not-detected: udp 10.0.2.15:28681 -> 112.105.52.2:6466
+Flow 556 not-detected: udp 10.0.2.15:28681 -> 59.104.173.5:49787
+Flow 560 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:53883
+Flow 559 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:55080
+Flow 529 not-detected: udp 10.0.2.15:28681 -> 116.241.162.162:57929
+Flow 539 not-detected: udp 10.0.2.15:28681 -> 119.14.143.237:7510
+Flow 545 not-detected: udp 10.0.2.15:28681 -> 116.49.159.77:55915
+Flow 663 not-detected: udp 10.0.2.15:28681 -> 50.58.238.163:6594
+Flow 554 not-detected: udp 10.0.2.15:28681 -> 123.203.72.224:55577
+Flow 528 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:58442
+Flow 537 not-detected: udp 10.0.2.15:28681 -> 218.164.200.235:2034
+Flow 535 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10655
+Flow 532 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10677
+Flow 695 not-detected: udp 10.0.2.15:28681 -> 76.189.72.230:8161
+Flow 552 not-detected: udp 10.0.2.15:28681 -> 218.250.6.59:60012
+Flow 543 not-detected: udp 10.0.2.15:28681 -> 114.39.159.60:56896
+Flow 557 not-detected: udp 10.0.2.15:28681 -> 61.222.160.99:53163
+Flow 561 not-detected: udp 10.0.2.15:28681 -> 61.238.173.128:57466
+Flow 541 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:11141
+Flow 547 not-detected: udp 10.0.2.15:28681 -> 213.229.111.224:43316
+Flow 530 not-detected: udp 10.0.2.15:28681 -> 118.167.248.220:59304
+Flow 540 not-detected: udp 10.0.2.15:28681 -> 36.236.203.37:52131
+Flow 754 not-detected: udp 10.0.2.15:28681 -> 84.125.218.84:17561
+Flow 573 not-detected: udp 10.0.2.15:28681 -> 71.239.173.18:23327
+Flow 383 not-detected: udp 10.0.2.15:28681 -> 84.71.243.60:34498
 Flow 787 risky: udp 10.0.2.15:28681 -> 220.133.122.217:23458
 Flow 793 risky: udp 10.0.2.15:28681 -> 123.205.126.102:5193
 Flow 792 risky: udp 10.0.2.15:28681 -> 36.239.213.146:21750
@@ -352,7 +663,95 @@ Flow 789 risky: udp 10.0.2.15:28681 -> 42.98.115.128:23458
 Flow 790 risky: udp 10.0.2.15:28681 -> 218.164.39.233:20855
 Flow 785 risky: udp 10.0.2.15:28681 -> 176.134.139.39:6346
 Flow 791 risky: udp 10.0.2.15:28681 -> 219.85.11.85:10722
+Flow 52 not-detected: tcp 10.0.2.15:50212 -> 95.17.124.40:6776
+Flow 777 not-detected: udp 10.0.2.15:28681 -> 124.244.211.43:23459
+Flow 245 not-detected: tcp 10.0.2.15:50289 -> 74.195.236.249:18557
+Flow 776 not-detected: udp 10.0.2.15:28681 -> 219.85.10.83:8797
+Flow 227 not-detected: tcp 10.0.2.15:50273 -> 24.179.18.242:47329
+Flow 767 not-detected: udp 10.0.2.15:28681 -> 45.65.87.24:16201
+Flow 72 not-detected: tcp 10.0.2.15:50231 -> 76.68.138.207:45079
+Flow 228 not-detected: tcp 10.0.2.15:50274 -> 68.174.18.115:50679
+Flow 778 not-detected: udp 10.0.2.15:28681 -> 122.117.100.78:9010
+Flow 773 not-detected: udp 10.0.2.15:28681 -> 86.153.21.93:36696
+Flow 779 not-detected: udp 10.0.2.15:28681 -> 1.65.217.224:18381
+Flow 768 not-detected: udp 10.0.2.15:28681 -> 14.200.255.229:37058
+Flow 765 not-detected: udp 10.0.2.15:28681 -> 213.229.111.224:4876
+Flow 75 not-detected: tcp 10.0.2.15:50234 -> 66.189.28.17:16269
+Flow 240 not-detected: tcp 10.0.2.15:50286 -> 84.118.116.198:44616
+Flow 74 not-detected: tcp 10.0.2.15:50233 -> 1.163.14.246:12854
+Flow 152 not-detected: tcp 10.0.2.15:50265 -> 113.255.250.32:52647
 Flow 796 risky: udp 10.0.2.15:28681 -> 41.249.63.200:22582
+Flow 233 not-detected: tcp 10.0.2.15:50279 -> 113.252.91.201:4297
+Flow 123 not-detected: tcp 10.0.2.15:50254 -> 24.78.134.188:49046
 Flow 333 risky: tcp 10.0.2.15:50327 -> 69.118.162.229:46906
+Flow 64 not-detected: tcp 10.0.2.15:50223 -> 118.167.248.220:63108
+Flow 59 not-detected: tcp 10.0.2.15:50218 -> 90.103.247.94:59045
+Flow 49 not-detected: tcp 10.0.2.15:50209 -> 113.252.206.254:49587
+Flow 65 not-detected: tcp 10.0.2.15:50224 -> 78.125.63.97:6346
+Flow 68 not-detected: tcp 10.0.2.15:50227 -> 111.246.157.94:51175
+Flow 56 not-detected: tcp 10.0.2.15:50215 -> 124.244.64.237:4704
+Flow 71 not-detected: tcp 10.0.2.15:50230 -> 73.3.103.37:17296
+Flow 244 not-detected: tcp 10.0.2.15:50288 -> 76.119.55.28:20347
+Flow 47 not-detected: tcp 10.0.2.15:50207 -> 90.78.171.204:6346
+Flow 281 not-detected: tcp 10.0.2.15:50305 -> 94.54.66.82:63637
+Flow 48 not-detected: tcp 10.0.2.15:50208 -> 119.237.116.22:8683
+Flow 266 not-detected: tcp 10.0.2.15:50290 -> 73.89.249.8:50649
+Flow 78 not-detected: tcp 10.0.2.15:50237 -> 88.123.202.175:37910
+Flow 151 not-detected: tcp 10.0.2.15:50264 -> 95.10.205.67:48380
+Flow 89 not-detected: tcp 10.0.2.15:50244 -> 188.61.52.183:63978
+Flow 92 not-detected: tcp 10.0.2.15:50247 -> 66.30.221.181:51560
+Flow 784 not-detected: udp 10.0.2.15:28681 -> 23.19.141.110:6346
+Flow 774 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:6599
+Flow 268 not-detected: tcp 10.0.2.15:50292 -> 95.10.205.67:11603
+Flow 84 not-detected: tcp 10.0.2.15:50243 -> 176.138.129.252:27962
+Flow 142 not-detected: tcp 10.0.2.15:50255 -> 36.236.203.37:52165
+Flow 241 not-detected: tcp 10.0.2.15:50287 -> 98.215.130.156:12405
+Flow 236 not-detected: tcp 10.0.2.15:50282 -> 221.124.66.33:13060
+Flow 226 not-detected: tcp 10.0.2.15:50272 -> 1.172.184.48:13298
+Flow 225 not-detected: tcp 10.0.2.15:50271 -> 218.164.198.27:60202
+Flow 224 not-detected: tcp 10.0.2.15:50270 -> 114.27.24.95:11427
+Flow 145 not-detected: tcp 10.0.2.15:50258 -> 122.100.216.210:7097
+Flow 147 not-detected: tcp 10.0.2.15:50260 -> 113.255.200.161:51394
+Flow 81 not-detected: tcp 10.0.2.15:50240 -> 36.237.10.152:21293
+Flow 57 not-detected: tcp 10.0.2.15:50216 -> 182.155.128.228:3256
+Flow 44 not-detected: tcp 10.0.2.15:50204 -> 124.218.26.16:9728
+Flow 771 not-detected: udp 10.0.2.15:28681 -> 202.27.193.6:6346
+Flow 234 not-detected: tcp 10.0.2.15:50280 -> 99.199.148.6:4338
+Flow 229 not-detected: tcp 10.0.2.15:50275 -> 122.117.100.78:9010
+Flow 781 not-detected: udp 10.0.2.15:28681 -> 112.105.52.2:23458
+Flow 782 not-detected: udp 10.0.2.15:28681 -> 65.182.231.232:7890
+Flow 39 not-detected: tcp 10.0.2.15:50200 -> 176.128.217.128:45194
+Flow 769 not-detected: udp 10.0.2.15:28681 -> 123.110.61.169:11973
+Flow 53 not-detected: tcp 10.0.2.15:50213 -> 85.117.153.7:50138
+Flow 82 not-detected: tcp 10.0.2.15:50241 -> 98.18.172.208:63172
+Flow 297 not-detected: tcp 10.0.2.15:50321 -> 213.229.111.224:4876
+Flow 775 not-detected: udp 10.0.2.15:28681 -> 223.17.132.18:23458
+Flow 79 not-detected: tcp 10.0.2.15:50238 -> 124.218.41.253:59144
+Flow 230 not-detected: tcp 10.0.2.15:50276 -> 96.246.156.126:56070
+Flow 70 not-detected: tcp 10.0.2.15:50229 -> 1.36.249.91:64920
 Flow 795 risky: udp 10.0.2.15:28681 -> 213.120.26.86:29946
+Flow 33 not-detected: tcp 10.0.2.15:50195 -> 162.157.143.201:29762
+Flow 91 not-detected: tcp 10.0.2.15:50246 -> 80.7.252.192:45685
+Flow 50 not-detected: tcp 10.0.2.15:50210 -> 36.234.18.166:61404
+Flow 45 not-detected: tcp 10.0.2.15:50205 -> 114.46.139.171:52120
+Flow 772 not-detected: udp 10.0.2.15:28681 -> 73.192.231.237:9676
+Flow 770 not-detected: udp 10.0.2.15:28681 -> 97.83.183.148:8890
+Flow 235 not-detected: tcp 10.0.2.15:50281 -> 94.134.154.158:54130
+Flow 60 not-detected: tcp 10.0.2.15:50219 -> 193.121.165.12:55376
 Flow 334 risky: tcp 10.0.2.15:50328 -> 189.147.72.83:26108
+Flow 80 not-detected: tcp 10.0.2.15:50239 -> 112.105.52.2:6384
+Flow 232 not-detected: tcp 10.0.2.15:50278 -> 36.231.59.187:62234
+Flow 766 not-detected: udp 10.0.2.15:28681 -> 76.119.55.28:20347
+Flow 120 not-detected: tcp 10.0.2.15:50251 -> 24.127.1.235:37814
+Flow 144 not-detected: tcp 10.0.2.15:50257 -> 219.70.48.23:3054
+Flow 286 not-detected: tcp 10.0.2.15:50310 -> 76.110.153.177:40022
+Flow 40 not-detected: tcp 10.0.2.15:50201 -> 78.122.93.185:6346
+Flow 58 not-detected: tcp 10.0.2.15:50217 -> 113.252.86.162:54958
+Flow 32 not-detected: tcp 10.0.2.15:50194 -> 92.152.66.153:43771
+Flow 83 not-detected: tcp 10.0.2.15:50242 -> 109.210.203.131:6346
+Flow 66 not-detected: tcp 10.0.2.15:50225 -> 109.210.81.147:24800
+Flow 150 not-detected: tcp 10.0.2.15:50263 -> 73.182.136.42:27873
+Flow 62 not-detected: tcp 10.0.2.15:50221 -> 59.104.173.5:49956
+Flow 780 not-detected: udp 10.0.2.15:28681 -> 68.66.94.132:17735
+Flow 55 not-detected: tcp 10.0.2.15:50214 -> 80.193.171.146:53808
+Flow 231 not-detected: tcp 10.0.2.15:50277 -> 82.181.251.218:36368

test/results/flow-captured/default/gtp_false_positive.pcapng.out

@@ -0,0 +1 @@
+Flow 1 not-detected: udp 24.1.33.66:29255 -> 62.56.122.232:3386

test/results/flow-captured/default/instagram.pcap.out

@@ -5,3 +5,4 @@ Flow 26 midstream: tcp 192.168.0.103:58052 -> 82.85.26.162:80
 Flow 30 midstream: tcp 192.168.0.103:58690 -> 46.33.70.159:443
 Flow 1 risky: tcp 192.168.0.103:56382 -> 173.252.107.4:443
 Flow 2 midstream: tcp 192.168.0.103:33936 -> 31.13.93.52:443
+Flow 11 not-detected: udp 192.168.0.1:520 -> 192.168.0.255:520

test/results/flow-captured/default/ip_fragmented_garbage.pcap.out

@@ -0,0 +1,42 @@
+Flow 4 not-detected: tcp 10.0.0.2:16417 -> 10.128.0.2:16419
+Flow 8 not-detected: tcp 10.0.0.2:9508 -> 10.128.0.2:8995
+Flow 20 not-detected: tcp 10.0.0.2:9508 -> 10.128.0.2:8998
+Flow 7 not-detected: tcp 10.0.0.2:10790 -> 10.128.0.2:24101
+Flow 1 not-detected: tcp 10.0.0.2:24102 -> 10.128.0.2:10792
+Flow 2 not-detected: tcp 10.0.0.2:18730 -> 10.128.0.2:20304
+Flow 2 midstream: tcp 10.0.0.2:18730 -> 10.128.0.2:20304
+Flow 24 not-detected: tcp 10.0.0.2:24136 -> 10.128.0.2:16967
+Flow 24 midstream: tcp 10.0.0.2:24136 -> 10.128.0.2:16967
+Flow 27 not-detected: tcp 10.0.0.2:17751 -> 10.128.0.2:9024
+Flow 10 not-detected: tcp 10.0.0.2:14387 -> 10.128.0.2:14646
+Flow 10 midstream: tcp 10.0.0.2:14387 -> 10.128.0.2:14646
+Flow 16 not-detected: tcp 10.0.0.2:16199 -> 10.128.0.2:21055
+Flow 23 not-detected: tcp 10.0.0.2:18762 -> 10.128.0.2:18503
+Flow 11 not-detected: tcp 10.0.0.2:18248 -> 10.128.0.2:19019
+Flow 11 midstream: tcp 10.0.0.2:18248 -> 10.128.0.2:19019
+Flow 13 not-detected: tcp 10.0.0.2:16243 -> 10.128.0.2:21055
+Flow 28 not-detected: tcp 10.0.0.2:27502 -> 10.128.0.2:30307
+Flow 6 not-detected: tcp 10.0.0.2:24101 -> 10.128.0.2:9251
+Flow 3 not-detected: tcp 10.0.0.2:9253 -> 10.128.0.2:24102
+Flow 26 not-detected: tcp 10.0.0.2:9251 -> 10.128.0.2:9770
+Flow 25 not-detected: tcp 10.0.0.2:29799 -> 10.128.0.2:26228
+Flow 5 not-detected: tcp 10.0.0.2:21029 -> 10.128.0.2:22878
+Flow 5 midstream: tcp 10.0.0.2:21029 -> 10.128.0.2:22878
+Flow 29 not-detected: tcp 10.0.0.2:10792 -> 10.128.0.2:10790
+Flow 15 not-detected: tcp 10.0.0.2:2612 -> 10.128.0.2:12849
+Flow 15 midstream: tcp 10.0.0.2:2612 -> 10.128.0.2:12849
+Flow 12 not-detected: tcp 10.0.0.2:13105 -> 10.128.0.2:14648
+Flow 12 midstream: tcp 10.0.0.2:13105 -> 10.128.0.2:14648
+Flow 21 not-detected: tcp 10.0.0.2:13362 -> 10.128.0.2:12596
+Flow 21 midstream: tcp 10.0.0.2:13362 -> 10.128.0.2:12596
+Flow 17 not-detected: tcp 10.0.0.2:19273 -> 10.128.0.2:19016
+Flow 17 midstream: tcp 10.0.0.2:19273 -> 10.128.0.2:19016
+Flow 18 not-detected: tcp 10.0.0.2:9566 -> 10.128.0.2:18498
+Flow 18 midstream: tcp 10.0.0.2:9566 -> 10.128.0.2:18498
+Flow 19 not-detected: tcp 10.0.0.2:11892 -> 10.128.0.2:26470
+Flow 14 not-detected: tcp 10.0.0.2:17458 -> 10.128.0.2:10790
+Flow 14 midstream: tcp 10.0.0.2:17458 -> 10.128.0.2:10790
+Flow 9 not-detected: tcp 10.0.0.2:13617 -> 10.128.0.2:10536
+Flow 9 midstream: tcp 10.0.0.2:13617 -> 10.128.0.2:10536
+Flow 22 not-detected: tcp 10.0.0.2:18258 -> 10.128.0.2:16199
+Flow 22 midstream: tcp 10.0.0.2:18258 -> 10.128.0.2:16199

test/results/flow-captured/default/kerberos.pcap.out

@@ -1,3 +1,7 @@
+Flow 11 not-detected: tcp 172.16.8.201:49165 -> 172.16.8.8:49155
+Flow 11 midstream: tcp 172.16.8.201:49165 -> 172.16.8.8:49155
+Flow 26 not-detected: tcp 172.16.8.201:49185 -> 172.16.8.8:49155
+Flow 26 midstream: tcp 172.16.8.201:49185 -> 172.16.8.8:49155
 Flow 1 midstream: tcp 172.16.8.201:49157 -> 172.16.8.8:88
 Flow 4 midstream: tcp 172.16.8.201:49160 -> 172.16.8.8:88
 Flow 8 midstream: tcp 172.16.8.201:49166 -> 172.16.8.8:88

test/results/flow-captured/default/kontiki.pcap.out

@@ -1,2 +1,4 @@
 Flow 3 risky: udp 10.25.32.59:19948 -> 64.200.148.86:8888
+Flow 1 not-detected: udp 10.25.32.59:19948 -> 255.255.255.255:19948
+Flow 2 not-detected: udp 10.25.32.59:19948 -> 64.200.148.82:1948
 Flow 5 risky: udp 10.25.32.59:19948 -> 64.200.148.88:80

test/results/flow-captured/default/log4j-webapp-exploit.pcap.out

@@ -1,5 +1,7 @@
 Flow 5 risky: tcp 172.16.238.10:57742 -> 172.16.238.11:1389
 Flow 1 risky: tcp 172.16.238.1:1984 -> 172.16.238.10:8080
+Flow 4 not-detected: tcp 172.16.238.10:55408 -> 10.10.10.31:9001
+Flow 7 not-detected: tcp 172.16.238.10:55498 -> 10.10.10.31:9001
 Flow 3 risky: tcp 172.16.238.10:48444 -> 172.16.238.11:80
 Flow 6 risky: tcp 172.16.238.10:48534 -> 172.16.238.11:80
 Flow 2 risky: tcp 172.16.238.10:57650 -> 172.16.238.11:1389

test/results/flow-captured/default/nest_log_sink.pcap.out

@@ -1,3 +1,4 @@
 Flow 1 guessed: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
+Flow 1 not-detected: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
 Flow 1 midstream: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
 Flow 10 risky: udp 192.168.242.15:52849 -> 192.168.242.1:53

test/results/flow-captured/default/ossfuzz_seed_fake_traces_4.pcapng.out

@@ -0,0 +1 @@
+Flow 1 not-detected: udp 127.0.0.1:100 -> 127.0.0.1:200

test/results/flow-captured/default/pps.pcap.out

@@ -1,10 +1,17 @@
+Flow 22 not-detected: udp 192.168.115.8:22793 -> 222.26.193.119:7133
 Flow 54 risky: tcp 192.168.115.8:50486 -> 77.234.40.96:80
 Flow 54 midstream: tcp 192.168.115.8:50486 -> 77.234.40.96:80
+Flow 25 not-detected: udp 192.168.115.8:22793 -> 115.157.62.243:29006
+Flow 13 not-detected: udp 192.168.115.8:22793 -> 111.250.102.66:1107
 Flow 64 risky: tcp 192.168.5.15:65127 -> 68.233.253.133:80
 Flow 64 midstream: tcp 192.168.5.15:65127 -> 68.233.253.133:80
 Flow 78 risky: tcp 192.168.5.15:65128 -> 68.233.253.133:80
 Flow 78 midstream: tcp 192.168.5.15:65128 -> 68.233.253.133:80
+Flow 24 not-detected: udp 192.168.115.8:22793 -> 222.26.74.190:1037
+Flow 26 not-detected: udp 192.168.115.8:22793 -> 210.44.232.243:21044
+Flow 27 not-detected: udp 192.168.115.8:22793 -> 1.169.136.116:17951
 Flow 39 midstream: tcp 192.168.115.8:50466 -> 203.66.182.24:80
+Flow 33 not-detected: udp 192.168.115.8:22793 -> 220.130.154.23:35941
 Flow 57 midstream: tcp 192.168.115.8:50488 -> 223.26.106.20:80
 Flow 60 risky: tcp 192.168.115.8:50491 -> 223.26.106.66:80
 Flow 60 midstream: tcp 192.168.115.8:50491 -> 223.26.106.66:80
@@ -16,12 +23,14 @@ Flow 85 risky: tcp 192.168.115.8:50507 -> 223.26.106.19:80
 Flow 85 midstream: tcp 192.168.115.8:50507 -> 223.26.106.19:80
 Flow 88 risky: tcp 192.168.115.8:50508 -> 223.26.106.19:80
 Flow 88 midstream: tcp 192.168.115.8:50508 -> 223.26.106.19:80
+Flow 32 not-detected: udp 192.168.115.8:22793 -> 114.47.91.129:22576
 Flow 37 risky: tcp 192.168.115.8:50463 -> 101.227.200.11:80
 Flow 37 midstream: tcp 192.168.115.8:50463 -> 101.227.200.11:80
 Flow 47 risky: tcp 192.168.115.8:50476 -> 101.227.32.39:80
 Flow 47 midstream: tcp 192.168.115.8:50476 -> 101.227.32.39:80
 Flow 67 risky: tcp 192.168.115.8:50496 -> 101.227.200.11:80
 Flow 67 midstream: tcp 192.168.115.8:50496 -> 101.227.200.11:80
+Flow 6 not-detected: udp 192.168.115.8:22793 -> 111.249.53.196:32443
 Flow 90 risky: tcp 192.168.115.8:50766 -> 223.26.106.20:80
 Flow 90 midstream: tcp 192.168.115.8:50766 -> 223.26.106.20:80
 Flow 91 risky: tcp 192.168.115.8:50767 -> 223.26.106.20:80
@@ -30,12 +39,16 @@ Flow 93 risky: tcp 192.168.115.8:50768 -> 223.26.106.19:80
 Flow 93 midstream: tcp 192.168.115.8:50768 -> 223.26.106.19:80
 Flow 102 midstream: tcp 192.168.115.8:50778 -> 223.26.106.20:80
 Flow 105 midstream: tcp 192.168.115.8:50780 -> 223.26.106.20:80
+Flow 3 not-detected: udp 192.168.115.8:22793 -> 114.42.0.158:7716
+Flow 12 not-detected: udp 192.168.115.8:22793 -> 210.44.171.1:29702
 Flow 58 risky: tcp 192.168.115.8:50489 -> 119.188.13.188:80
 Flow 58 midstream: tcp 192.168.115.8:50489 -> 119.188.13.188:80
 Flow 59 risky: tcp 192.168.115.8:50490 -> 119.188.13.188:80
 Flow 59 midstream: tcp 192.168.115.8:50490 -> 119.188.13.188:80
 Flow 94 risky: tcp 192.168.115.8:50769 -> 101.227.200.11:80
 Flow 94 midstream: tcp 192.168.115.8:50769 -> 101.227.200.11:80
+Flow 4 not-detected: udp 192.168.115.8:22793 -> 222.197.138.12:6956
+Flow 2 not-detected: udp 118.171.15.56:5544 -> 192.168.115.8:22793
 Flow 40 risky: tcp 192.168.115.8:50467 -> 202.108.14.219:80
 Flow 40 midstream: tcp 192.168.115.8:50467 -> 202.108.14.219:80
 Flow 41 risky: tcp 192.168.115.8:50469 -> 202.108.14.219:80
@@ -68,15 +81,23 @@ Flow 76 risky: tcp 192.168.115.8:50502 -> 202.108.14.236:80
 Flow 76 midstream: tcp 192.168.115.8:50502 -> 202.108.14.236:80
 Flow 79 risky: tcp 192.168.115.8:50503 -> 202.108.14.219:80
 Flow 79 midstream: tcp 192.168.115.8:50503 -> 202.108.14.219:80
+Flow 23 not-detected: udp 192.168.115.8:22793 -> 114.37.142.173:1074
+Flow 7 not-detected: udp 192.168.115.8:22793 -> 219.228.107.156:1250
+Flow 16 not-detected: udp 192.168.115.8:22793 -> 36.233.39.81:18590
 Flow 38 midstream: tcp 192.168.115.8:50464 -> 123.125.112.49:80
 Flow 68 midstream: tcp 192.168.115.8:50497 -> 123.125.112.49:80
 Flow 50 midstream: tcp 192.168.115.8:50482 -> 140.205.243.64:80
+Flow 18 not-detected: udp 192.168.115.8:22793 -> 61.227.170.88:20227
+Flow 20 not-detected: udp 192.168.115.8:22793 -> 121.248.133.93:12757
 Flow 95 risky: tcp 192.168.115.8:50771 -> 202.108.14.236:80
 Flow 95 midstream: tcp 192.168.115.8:50771 -> 202.108.14.236:80
+Flow 19 not-detected: udp 192.168.115.8:22793 -> 202.112.31.89:29072
 Flow 97 risky: tcp 192.168.115.8:50773 -> 202.108.14.221:80
 Flow 97 midstream: tcp 192.168.115.8:50773 -> 202.108.14.221:80
 Flow 99 risky: tcp 192.168.115.8:50774 -> 202.108.14.219:80
 Flow 99 midstream: tcp 192.168.115.8:50774 -> 202.108.14.219:80
+Flow 28 not-detected: udp 192.168.115.8:22793 -> 114.41.144.153:10492
+Flow 14 not-detected: udp 192.168.115.8:22793 -> 61.223.204.67:11102
 Flow 71 risky: tcp 192.168.115.8:50498 -> 36.110.220.15:80
 Flow 71 midstream: tcp 192.168.115.8:50498 -> 36.110.220.15:80
 Flow 61 risky: tcp 192.168.115.8:50492 -> 111.206.13.3:80
@@ -86,6 +107,10 @@ Flow 72 midstream: tcp 192.168.115.8:50499 -> 111.206.22.76:80
 Flow 89 midstream: tcp 192.168.115.8:50509 -> 106.38.219.107:80
 Flow 96 midstream: tcp 192.168.115.8:50772 -> 123.125.111.70:80
 Flow 98 midstream: tcp 192.168.115.8:50775 -> 123.125.111.70:80
+Flow 8 not-detected: udp 183.228.182.44:13913 -> 192.168.115.8:22793
+Flow 21 not-detected: udp 192.168.115.8:22793 -> 1.175.128.104:5185
+Flow 31 not-detected: udp 192.168.115.8:22793 -> 210.47.12.20:33738
+Flow 30 not-detected: udp 192.168.115.8:22793 -> 210.47.12.19:33738
 Flow 92 risky: tcp 192.168.115.8:50765 -> 36.110.220.15:80
 Flow 92 midstream: tcp 192.168.115.8:50765 -> 36.110.220.15:80
 Flow 100 risky: tcp 192.168.115.8:50776 -> 111.206.22.77:80
@@ -94,4 +119,8 @@ Flow 101 risky: tcp 192.168.115.8:50777 -> 111.206.22.77:80
 Flow 101 midstream: tcp 192.168.115.8:50777 -> 111.206.22.77:80
 Flow 104 risky: tcp 192.168.115.8:50779 -> 111.206.22.77:80
 Flow 104 midstream: tcp 192.168.115.8:50779 -> 111.206.22.77:80
+Flow 17 not-detected: udp 192.168.115.8:22793 -> 111.117.101.81:10162
+Flow 1 not-detected: udp 1.173.5.226:22636 -> 192.168.115.8:22793
+Flow 5 not-detected: udp 192.168.115.8:22793 -> 202.198.7.89:16039
 Flow 73 midstream: tcp 192.168.115.8:50500 -> 23.41.133.163:80
+Flow 15 not-detected: udp 192.168.115.8:22793 -> 36.237.154.69:4316

test/results/flow-captured/default/reasm_crash_anon.pcapng.out

@@ -0,0 +1,2 @@
+Flow 1 not-detected: tcp 192.168.145.147:51218 -> 10.209.8.148:21999
+Flow 1 midstream: tcp 192.168.145.147:51218 -> 10.209.8.148:21999

test/results/flow-captured/default/shadowsocks.pcap.out

@@ -0,0 +1 @@
+Flow 2 not-detected: tcp 127.0.0.1:44276 -> 127.0.0.1:8388

test/results/flow-captured/default/skype.pcap.out

@@ -25,7 +25,66 @@ Flow 263 risky: udp 192.168.1.34:56387 -> 192.168.1.1:53
 Flow 264 risky: udp 192.168.1.34:52714 -> 192.168.1.1:53
 Flow 262 risky: udp 192.168.1.34:52742 -> 192.168.1.1:53
 Flow 268 risky: udp 192.168.1.34:65037 -> 192.168.1.1:53
+Flow 9 not-detected: tcp 192.168.1.34:50026 -> 65.55.223.33:40002
+Flow 50 not-detected: tcp 192.168.1.34:50033 -> 157.55.56.170:40015
+Flow 51 not-detected: tcp 192.168.1.34:50034 -> 157.55.130.140:40033
+Flow 221 not-detected: tcp 192.168.1.34:50098 -> 65.55.223.15:40026
+Flow 101 not-detected: tcp 192.168.1.34:50046 -> 157.55.130.150:40011
+Flow 134 not-detected: tcp 192.168.1.34:50054 -> 157.55.130.153:40005
+Flow 113 not-detected: tcp 192.168.1.34:50049 -> 157.55.130.166:40021
+Flow 87 not-detected: tcp 192.168.1.34:50044 -> 157.55.130.167:40031
+Flow 194 not-detected: tcp 192.168.1.34:50074 -> 157.55.130.173:40003
+Flow 133 not-detected: tcp 192.168.1.34:50053 -> 157.55.56.146:40030
+Flow 177 not-detected: tcp 192.168.1.34:50070 -> 157.55.130.170:40018
+Flow 196 not-detected: tcp 192.168.1.34:50076 -> 157.55.235.156:40014
+Flow 168 not-detected: tcp 192.168.1.34:50067 -> 157.55.56.160:40027
+Flow 200 not-detected: tcp 192.168.1.34:50077 -> 157.55.130.176:40022
+Flow 217 not-detected: tcp 192.168.1.34:50092 -> 157.55.130.155:40020
+Flow 57 not-detected: tcp 192.168.1.34:50035 -> 213.199.179.175:40021
+Flow 220 not-detected: tcp 192.168.1.34:50097 -> 157.55.235.176:40022
+Flow 288 not-detected: tcp 192.168.1.34:50143 -> 78.202.226.115:29059
+Flow 289 not-detected: tcp 192.168.1.34:50144 -> 78.202.226.115:29059
+Flow 195 not-detected: tcp 192.168.1.34:50075 -> 213.199.179.142:40003
+Flow 49 not-detected: tcp 192.168.1.34:50032 -> 157.56.52.44:40032
+Flow 227 not-detected: tcp 192.168.1.34:50108 -> 157.56.52.28:40009
+Flow 266 not-detected: tcp 192.168.1.34:50130 -> 212.161.8.36:13392
 Flow 269 risky: tcp 192.168.1.34:50131 -> 212.161.8.36:13392
+Flow 243 not-detected: tcp 192.168.1.34:50112 -> 76.167.161.6:20274
+Flow 280 not-detected: tcp 192.168.1.34:50135 -> 76.167.161.6:20274
+Flow 232 not-detected: tcp 192.168.1.34:50109 -> 91.190.216.125:12350
+Flow 233 not-detected: tcp 192.168.1.34:50110 -> 91.190.216.125:12350
+Flow 285 not-detected: tcp 192.168.1.34:50140 -> 76.167.161.6:20274
+Flow 256 not-detected: tcp 192.168.1.34:50125 -> 91.190.218.125:12350
+Flow 257 not-detected: tcp 192.168.1.34:50126 -> 91.190.216.23:12350
+Flow 261 not-detected: tcp 192.168.1.34:50129 -> 91.190.218.125:12350
 Flow 23 midstream: tcp 108.160.170.46:443 -> 192.168.1.34:49445
+Flow 244 not-detected: tcp 192.168.1.34:50113 -> 71.238.7.203:18767
+Flow 253 not-detected: tcp 192.168.1.34:50123 -> 80.14.46.121:4415
+Flow 248 not-detected: tcp 192.168.1.34:50117 -> 71.238.7.203:18767
+Flow 258 not-detected: tcp 192.168.1.34:50127 -> 80.14.46.121:4415
+Flow 286 not-detected: tcp 192.168.1.34:50141 -> 80.14.46.121:4415
+Flow 287 not-detected: tcp 192.168.1.34:50142 -> 80.14.46.121:4415
+Flow 281 not-detected: tcp 192.168.1.34:50136 -> 71.238.7.203:18767
+Flow 283 not-detected: tcp 192.168.1.34:50138 -> 71.238.7.203:18767
+Flow 247 not-detected: tcp 192.168.1.34:50116 -> 81.83.77.141:17639
+Flow 246 not-detected: tcp 192.168.1.34:50115 -> 86.31.35.30:59621
+Flow 251 not-detected: tcp 192.168.1.34:50121 -> 81.83.77.141:17639
+Flow 250 not-detected: tcp 192.168.1.34:50119 -> 86.31.35.30:59621
+Flow 222 not-detected: tcp 192.168.1.34:50099 -> 64.4.23.166:40022
+Flow 213 not-detected: tcp 192.168.1.34:50088 -> 157.55.235.146:33033
 Flow 255 risky: tcp 17.143.160.22:5223 -> 192.168.1.34:49447
 Flow 255 midstream: tcp 17.143.160.22:5223 -> 192.168.1.34:49447
+Flow 277 not-detected: tcp 192.168.1.34:50134 -> 157.56.53.47:12350
+Flow 291 not-detected: tcp 192.168.1.34:50145 -> 157.56.53.51:12350
+Flow 245 not-detected: tcp 192.168.1.34:50114 -> 5.248.186.221:31010
+Flow 249 not-detected: tcp 192.168.1.34:50118 -> 5.248.186.221:31010
+Flow 282 not-detected: tcp 192.168.1.34:50137 -> 5.248.186.221:31010
+Flow 284 not-detected: tcp 192.168.1.34:50139 -> 5.248.186.221:31010
+Flow 144 not-detected: tcp 192.168.1.34:50059 -> 111.221.74.38:40015
+Flow 135 not-detected: tcp 192.168.1.34:50055 -> 111.221.74.47:40030
+Flow 211 not-detected: tcp 192.168.1.34:50086 -> 111.221.77.142:40023
+Flow 219 not-detected: tcp 192.168.1.34:50096 -> 111.221.74.46:40027
+Flow 270 not-detected: tcp 192.168.1.34:50132 -> 149.13.32.15:13392
+Flow 252 not-detected: tcp 192.168.1.34:50122 -> 81.133.19.185:44431
+Flow 254 not-detected: tcp 192.168.1.34:50124 -> 81.133.19.185:44431
+Flow 161 not-detected: tcp 192.168.1.34:50065 -> 65.55.223.12:40031

test/results/flow-captured/default/skype_no_unknown.pcap.out

@@ -18,10 +18,54 @@ Flow 26 risky: udp 192.168.1.34:138 -> 192.168.1.255:138
 Flow 27 risky: udp 192.168.1.1:138 -> 192.168.1.34:138
 Flow 29 risky: udp 192.168.1.92:138 -> 192.168.1.255:138
 Flow 166 risky: udp 192.168.1.34:61095 -> 192.168.1.1:53
+Flow 235 not-detected: tcp 192.168.1.34:51289 -> 71.238.7.203:18767
+Flow 240 not-detected: tcp 192.168.1.34:51292 -> 71.238.7.203:18767
 Flow 155 risky: udp 192.168.1.34:63342 -> 192.168.1.1:53
+Flow 258 not-detected: tcp 192.168.1.34:51311 -> 93.79.224.176:14506
+Flow 261 not-detected: tcp 192.168.1.34:51314 -> 93.79.224.176:14506
+Flow 239 not-detected: tcp 192.168.1.34:51291 -> 81.83.77.141:17639
+Flow 242 not-detected: tcp 192.168.1.34:51294 -> 81.83.77.141:17639
+Flow 247 not-detected: tcp 192.168.1.34:51298 -> 82.224.110.241:38895
+Flow 250 not-detected: tcp 192.168.1.34:51301 -> 82.224.110.241:38895
+Flow 121 not-detected: tcp 192.168.1.34:51251 -> 64.4.23.166:40029
+Flow 209 not-detected: tcp 192.168.1.34:51278 -> 64.4.23.159:40009
+Flow 236 not-detected: tcp 192.168.1.34:51290 -> 5.248.186.221:31010
+Flow 241 not-detected: tcp 192.168.1.34:51293 -> 5.248.186.221:31010
+Flow 61 not-detected: tcp 192.168.1.34:51236 -> 111.221.74.45:40008
+Flow 147 not-detected: tcp 192.168.1.34:51256 -> 111.221.77.142:40013
+Flow 109 not-detected: tcp 192.168.1.34:51248 -> 111.221.77.175:40030
+Flow 210 not-detected: tcp 192.168.1.34:51279 -> 111.221.74.48:40008
+Flow 170 not-detected: tcp 192.168.1.34:51267 -> 111.221.74.18:40025
+Flow 253 not-detected: tcp 192.168.1.34:51305 -> 149.13.32.15:13392
 Flow 255 risky: tcp 192.168.1.34:51307 -> 149.13.32.15:13392
+Flow 257 not-detected: tcp 192.168.1.34:51309 -> 149.13.32.15:13392
 Flow 259 risky: tcp 192.168.1.34:51312 -> 149.13.32.15:13392
+Flow 263 not-detected: tcp 192.168.1.34:51316 -> 149.13.32.15:13392
 Flow 167 risky: udp 192.168.1.34:55866 -> 192.168.1.1:53
+Flow 60 not-detected: tcp 192.168.1.34:51235 -> 65.55.223.45:40009
+Flow 59 not-detected: tcp 192.168.1.34:51234 -> 157.55.235.147:40001
 Flow 156 risky: udp 192.168.1.34:64258 -> 192.168.1.1:53
+Flow 67 not-detected: tcp 192.168.1.34:51237 -> 157.55.130.176:40022
+Flow 146 not-detected: tcp 192.168.1.34:51255 -> 157.55.130.142:40005
+Flow 148 not-detected: tcp 192.168.1.34:51257 -> 157.55.235.170:40032
+Flow 207 not-detected: tcp 192.168.1.34:51276 -> 157.55.235.146:40021
+Flow 186 not-detected: tcp 192.168.1.34:51272 -> 157.55.235.152:40029
+Flow 208 not-detected: tcp 192.168.1.34:51277 -> 157.55.235.156:40026
+Flow 149 not-detected: tcp 192.168.1.34:51258 -> 213.199.179.176:40021
 Flow 199 risky: udp 192.168.1.34:64364 -> 192.168.1.1:53
+Flow 178 not-detected: tcp 192.168.1.34:51269 -> 213.199.179.175:40029
 Flow 198 risky: udp 192.168.1.34:60413 -> 192.168.1.1:53
+Flow 10 not-detected: tcp 192.168.1.34:51229 -> 157.56.52.28:40009
+Flow 97 not-detected: tcp 192.168.1.34:51246 -> 157.56.52.44:40020
+Flow 252 not-detected: tcp 192.168.1.34:51303 -> 80.121.84.93:62381
+Flow 254 not-detected: tcp 192.168.1.34:51306 -> 80.121.84.93:62381
+Flow 260 not-detected: tcp 192.168.1.34:51313 -> 212.161.8.36:13392
+Flow 265 not-detected: tcp 192.168.1.34:51318 -> 212.161.8.36:13392
+Flow 267 not-detected: tcp 192.168.1.34:51319 -> 212.161.8.36:13392
+Flow 234 not-detected: tcp 192.168.1.34:51288 -> 76.167.161.6:20274
+Flow 249 not-detected: tcp 192.168.1.34:51300 -> 76.167.161.6:20274
+Flow 227 not-detected: tcp 192.168.1.34:51284 -> 91.190.218.125:12350
+Flow 228 not-detected: tcp 192.168.1.34:51285 -> 91.190.218.125:12350
+Flow 245 not-detected: tcp 192.168.1.34:51296 -> 91.190.216.125:12350
+Flow 246 not-detected: tcp 192.168.1.34:51297 -> 91.190.216.24:12350
+Flow 248 not-detected: tcp 192.168.1.34:51299 -> 91.190.216.125:12350

test/results/flow-captured/default/syslog.pcap.out

@@ -1 +1,3 @@
+Flow 6 not-detected: 41 216.66.80.30 -> 193.24.227.12
+Flow 5 not-detected: 41 193.24.227.10 -> 216.66.86.114
 Flow 15 risky: tcp 10.186.117.194:49948 -> 169.46.82.162:52173

test/results/flow-captured/default/tcp_scan.pcapng.out

@@ -0,0 +1,6 @@
+Flow 6 not-detected: tcp 192.168.1.178:57916 -> 192.168.1.2:3391
+Flow 6 midstream: tcp 192.168.1.178:57916 -> 192.168.1.2:3391
+Flow 5 not-detected: tcp 192.168.1.178:62971 -> 192.168.1.2:3390
+Flow 5 midstream: tcp 192.168.1.178:62971 -> 192.168.1.2:3390
+Flow 7 not-detected: tcp 192.168.1.178:63243 -> 192.168.1.2:3392
+Flow 7 midstream: tcp 192.168.1.178:63243 -> 192.168.1.2:3392

test/results/flow-captured/default/teams.pcap.out

@@ -13,6 +13,8 @@ Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443
 Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443
 Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434
 Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434
+Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
+Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
 Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
 Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
 Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016

test/results/flow-captured/default/telegram.pcap.out

@@ -1,5 +1,7 @@
 Flow 32 risky: udp 192.168.1.77:5812 -> 192.168.1.1:53
 Flow 27 risky: udp 192.168.1.77:47127 -> 192.168.1.1:53
 Flow 29 risky: udp 192.168.1.43:138 -> 192.168.1.255:138
+Flow 44 not-detected: udp 192.168.1.77:28150 -> 87.11.205.195:59772
 Flow 26 risky: udp 192.168.1.77:23174 -> 87.11.205.195:60723
 Flow 33 risky: udp 192.168.1.77:54595 -> 192.168.1.1:53
+Flow 25 not-detected: udp 192.168.1.77:23174 -> 192.168.1.52:31480

test/results/flow-captured/default/tls_certificate_too_long.pcap.out

@@ -7,3 +7,5 @@ Flow 19 risky: tcp 192.168.1.121:53913 -> 2.22.33.235:80
 Flow 23 risky: udp 192.168.1.121:51998 -> 8.8.8.8:53
 Flow 3 risky: udp 192.168.1.121:52251 -> 8.8.8.8:53
 Flow 20 midstream: tcp 192.168.1.121:53905 -> 140.82.113.26:443
+Flow 2 not-detected: tcp 192.168.1.121:52721 -> 192.168.1.139:55367
+Flow 2 midstream: tcp 192.168.1.121:52721 -> 192.168.1.139:55367

test/results/flow-captured/default/tls_false_positives.pcapng.out

@@ -0,0 +1 @@
+Flow 1 not-detected: tcp 10.10.10.1:1445 -> 192.168.0.1:20979

test/results/flow-captured/default/wa_voice.pcap.out

@@ -1,4 +1,6 @@
 Flow 23 risky: udp 91.252.56.51:32704 -> 192.168.2.12:56328
 Flow 3 midstream: tcp 192.168.2.12:49354 -> 17.242.60.84:5223
+Flow 25 not-detected: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
+Flow 25 midstream: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
 Flow 9 midstream: tcp 17.171.47.85:443 -> 192.168.2.12:50502
 Flow 24 risky: udp 192.168.2.12:56328 -> 1.60.78.64:64282

test/results/flow-captured/default/waze.pcap.out

@@ -4,3 +4,5 @@ Flow 6 risky: tcp 10.8.0.1:36102 -> 46.51.173.182:443
 Flow 5 risky: tcp 10.8.0.1:36100 -> 46.51.173.182:443
 Flow 19 risky: tcp 10.8.0.1:36312 -> 176.34.186.180:443
 Flow 7 risky: tcp 10.8.0.1:36585 -> 173.194.118.48:443
+Flow 1 not-detected: tcp 10.16.37.157:42256 -> 174.37.231.81:5222
+Flow 1 midstream: tcp 10.16.37.157:42256 -> 174.37.231.81:5222

test/results/flow-captured/enable_payload_stat/1kxun.pcap.out

@@ -10,18 +10,32 @@ Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355
 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53
 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53
 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355
+Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947
+Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976
+Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976
 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355
+Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678
 Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138
 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099
+Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976
+Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947
 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80
 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80
 Flow 45 risky: tcp 192.168.5.16:53623 -> 192.168.115.75:443
 Flow 87 risky: tcp 192.168.5.16:53625 -> 192.168.115.75:443
 Flow 107 risky: tcp 192.168.5.16:53626 -> 192.168.115.75:443
 Flow 117 risky: tcp 192.168.5.16:53629 -> 192.168.115.75:443
+Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976
+Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976
+Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976
+Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678
+Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678
 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80
 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80
+Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678
+Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678
 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355
+Flow 86 not-detected: udp 59.120.208.212:32768 -> 255.255.255.255:1947
 Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80
 Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80
 Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80

test/results/flow-captured/enable_stun_monitoring_with_subproto/wa_voice.pcap.out

@@ -1,4 +1,6 @@
 Flow 23 risky: udp 91.252.56.51:32704 -> 192.168.2.12:56328
 Flow 3 midstream: tcp 192.168.2.12:49354 -> 17.242.60.84:5223
+Flow 25 not-detected: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
+Flow 25 midstream: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
 Flow 9 midstream: tcp 17.171.47.85:443 -> 192.168.2.12:50502
 Flow 24 risky: udp 192.168.2.12:56328 -> 1.60.78.64:64282