From 65f15e8c7ccd8462953ce3723bf332954e1348b3 Mon Sep 17 00:00:00 2001 From: Gianla Date: Sun, 10 Aug 2025 18:01:35 +0200 Subject: [PATCH 01/16] POC pull request - implemented for mDNS answers --- example/ndpiReader.c | 44 ++++ example/reader_util.c | 23 ++ example/reader_util.h | 5 + src/include/ndpi_typedefs.h | 13 +- src/lib/protocols/dns.c | 204 +++++++++++++++++- .../default/result/anyconnect-vpn.pcap.out | 8 +- tests/cfgs/default/result/dns.pcap.out | 2 +- .../result/dns_invert_query.pcapng.out | 6 +- .../result/fuzz-2006-06-26-2594.pcap.out | 37 +++- tests/cfgs/default/result/iphone.pcap.out | 6 +- tests/cfgs/default/result/telegram.pcap.out | 14 +- .../result/tls_certificate_too_long.pcap.out | 6 +- tests/cfgs/default/result/wa_voice.pcap.out | 4 +- .../result/iphone.pcap.out | 6 +- tests/cfgs/dns_sub_enable/result/dns.pcap.out | 2 +- .../result/dns.pcap.out | 2 +- .../result/dns.pcap.out | 2 +- 17 files changed, 336 insertions(+), 48 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 7faadce3127..fd2519310b6 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -32,6 +32,8 @@ #include #include #include /* FLT_EPSILON */ + +#include "../src/include/ndpi_typedefs.h" #ifdef WIN32 #include /* winsock.h is included automatically */ #include 
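Review bot: The new `#include "../src/include/ndpi_typedefs.h"` reaches into the library source tree from an example program by relative path, and the same line is added to example/reader_util.c in the next file. If the public nDPI header the example already builds against transitively provides `struct ndpi_mdns_rsp_entry` and `MAX_NUM_MDNS_ADVERTISED_SERVICES`, both includes are redundant; if it does not, the exported header is where the declaration should be made visible, since a relative path breaks for out-of-tree builds of the example. I would drop both lines or resolve the header through the normal include path, `#include "ndpi_typedefs.h"`.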
@@ -1985,6 +1987,48 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa } } + if(flow->mdns_metadata.num_services > 0) { + fprintf(out, "[MDNS advertised services (found %d) - ", flow->mdns_metadata.num_services); + + for(int i = 0; i < flow->mdns_metadata.num_services - 1; i++) { + struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[i]; + + fprintf(out, "rsp_class: %d ", service->rsp_class); + fprintf(out, "ttl: %ds ", service->ttl); + fprintf(out, "rdatalength: %d ", service->data_len); + + fprintf(out, "rsp_type: "); + switch (service -> rsp_type) { + case 0x0C: /* PTR */ + fprintf(out, "PTR data: %s advertised %s; ", service->name, service->data); break; + case 0x10: /* TXT */ + fprintf(out, "TXT data: %s additional info %s; ", service->name, service->data); break; + case 0x21: /* SRV */ + fprintf(out, "SRV data: %s is on port %d; ", service->name, service->srv_port); break; + case 0x05: /* CNAME */ + break; + } + } + /* last line without spacing at the end */ + struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[flow->mdns_metadata.num_services - 1]; + + fprintf(out, "rsp_class: %d ", service->rsp_class); + fprintf(out, "ttl: %ds ", service->ttl); + fprintf(out, "rdatalength: %d ", service->data_len); + + fprintf(out, "rsp_type: "); + switch (service -> rsp_type) { + case 0x0C: /* PTR */ + fprintf(out, "PTR data: %s advertised %s]", service->name, service->data); break; + case 0x10: /* TXT */ + fprintf(out, "TXT data: %s additional info %s]", service->name, service->data); break; + case 0x21: /* SRV */ + fprintf(out, "SRV data: %s is on port %d]", service->name, service->srv_port); break; + case 0x05: /* CNAME */ + break; + } + } + fprintf(out, "[%s]", ndpi_is_encrypted_proto(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol) ? "Encrypted" : "ClearText"); diff --git a/example/reader_util.c b/example/reader_util.c index 42333887871..a74c324fbad 100644 
--- a/example/reader_util.c +++ b/example/reader_util.c @@ -28,6 +28,8 @@ #include #include +#include "../src/include/ndpi_typedefs.h" + #ifdef WIN32 #include /* winsock.h is included automatically */ #include @@ -611,6 +613,12 @@ void ndpi_flow_info_free_data(struct ndpi_flow_info *flow) { if(flow->tcp_fingerprint) ndpi_free(flow->tcp_fingerprint); if(flow->risk_str) ndpi_free(flow->risk_str); if(flow->flow_payload) ndpi_free(flow->flow_payload); + + + for(int i = 0; i < flow->mdns_metadata.num_services; ++i) { + ndpi_free(flow->mdns_metadata.services[i].name); + ndpi_free(flow->mdns_metadata.services[i].data); + } } /* ***************************************************** */ @@ -1620,6 +1628,21 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl ndpi_snprintf(flow->fast_cgi.url, sizeof(flow->fast_cgi.url), "%s", flow->ndpi_flow->protos.fast_cgi.url); } + flow->mdns_metadata.num_services = flow->ndpi_flow->mdns_metadata.num_services; + + for(int idx = 0; idx < flow->mdns_metadata.num_services; ++idx) { + struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[idx]; + struct ndpi_mdns_rsp_entry *reference = &flow->ndpi_flow->mdns_metadata.services[idx]; + + service->rsp_type = reference->rsp_type; + service->rsp_class = reference->rsp_class; + service->ttl = reference->ttl; + service->data_len = reference->data_len; + service->name = ndpi_strdup(reference->name); + service->data = ndpi_strdup(reference->data); + service->srv_port = reference->srv_port; + } + if(!monitoring_enabled) { add_to_address_port_list(&flow->stun.mapped_address, &flow->ndpi_flow->stun.mapped_address); add_to_address_port_list(&flow->stun.peer_address, &flow->ndpi_flow->stun.peer_address); diff --git a/example/reader_util.h b/example/reader_util.h index c49237b9fc7..165ba5ab820 100644 --- a/example/reader_util.h +++ b/example/reader_util.h 
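Review bot: The free loop added to ndpi_flow_info_free_data releases `services[i].name` and `.data` but leaves `num_services` and the two freed pointers in place, so if the function (or the copy in process_ndpi_collected_info) ever runs a second time on the same `ndpi_flow_info` the strings are double-freed or leaked; add `flow->mdns_metadata.num_services = 0;` after the loop and NULL both pointers inside it. Note also that the existing lines above guard every `ndpi_free` with an `if(ptr)`, while the new loop calls it unconditionally; if `ndpi_free` does not accept NULL, a NULL `name` (see the strdup point in the next hunk) would be a problem here too. ndpi_flow_info_free_data continues outside the hunk.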
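Review bot: In process_ndpi_collected_info the two `ndpi_strdup()` results are stored unchecked, so on allocation failure `service->name` or `service->data` is NULL and printFlow later passes it to `%s`. Check both results and, when either is NULL, free the one that succeeded, truncate the list with `flow->mdns_metadata.num_services = idx;` and stop copying. The copy also overwrites whatever a previous call stored without releasing it; if this function can run more than once per flow (I cannot tell from the hunk), the earlier strings leak, so either free first or make the copy conditional on `num_services == 0`. process_ndpi_collected_info starts and ends outside the hunk.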
@@ -285,6 +285,11 @@ typedef struct ndpi_flow_info { } bfcp; }; + struct { + uint8_t num_services; + struct ndpi_mdns_rsp_entry services[MAX_NUM_MDNS_ADVERTISED_SERVICES]; + } mdns_metadata; + ndpi_serializer ndpi_flow_serializer; char host_server_name[80]; /* Hostname/SNI */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index bfe93c8fd07..249f0dfba5b 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -402,6 +402,9 @@ struct ndpi_mdns_rsp_entry { u_int16_t rsp_type, rsp_class; u_int32_t ttl; u_int16_t data_len; + char *name; // hostname + char *data; // metadata + u_int16_t srv_port; } PACK_OFF; /* +++++++++++++++++++ LLC header (IEEE 802.2) ++++++++++++++++ */ @@ -1317,6 +1320,7 @@ typedef enum { #define MAX_NUM_TLS_SIGNATURE_ALGORITHMS 16 #define MAX_NUM_DNS_RSP_ADDRESSES 4 +#define MAX_NUM_MDNS_ADVERTISED_SERVICES 8 typedef struct { union { @@ -1692,6 +1696,11 @@ struct ndpi_flow_struct { } protos; + struct { + uint8_t num_services; + struct ndpi_mdns_rsp_entry services[MAX_NUM_MDNS_ADVERTISED_SERVICES]; + } mdns_metadata; + /* **Packet** metadata for flows where monitoring is enabled. It is reset after each packet! */ struct ndpi_metadata_monitoring *monit; @@ -1749,8 +1758,8 @@ struct ndpi_flow_struct { _Static_assert(sizeof(((struct ndpi_flow_struct *)0)->protos) <= 264, "Size of the struct member protocols increased to more than 264 bytes, " "please check if this change is necessary."); -_Static_assert(sizeof(struct ndpi_flow_struct) <= 1232, - "Size of the flow struct increased to more than 1232 bytes, " +_Static_assert(sizeof(struct ndpi_flow_struct) <= 1408, + "Size of the flow struct increased to more than 1408 bytes, " "please check if this change is necessary."); #endif #endif diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 3115fa99e40..4fea154c9a7 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c 
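Review bot: `struct ndpi_mdns_rsp_entry` is closed by `PACK_OFF`, i.e. it is declared as a packed wire-layout structure, and the first ndpi_typedefs.h hunk adds two `char *` members to it; a packed struct holding heap pointers is no longer a wire layout, the pointers are unaligned on most ABIs, and nothing on this page says who owns and frees them on the library side. The example frees only its own copies; the entries embedded in `ndpi_flow_struct` (third hunk of this file) are released in no hunk here, so unless the flow teardown path was updated outside this patch every mDNS flow leaks up to 16 strings. I would leave the wire struct untouched and add a separate, unpacked `struct ndpi_mdns_service { char *name; char *data; u_int32_t ttl; u_int16_t rsp_type, rsp_class, data_len, srv_port; }` for the collected metadata, with a comment stating that `name` and `data` are heap strings owned by the flow and freed with it. Embedding eight such entries in `ndpi_flow_struct` is also why the size assertion in the last hunk had to move from 1232 to 1408 bytes, a cost paid by every flow rather than only mDNS ones; allocating the array on the first mDNS answer and keeping a pointer in the flow would avoid that.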
@@ -251,8 +251,33 @@ static u_int8_t ndpi_grab_dns_name(struct ndpi_packet_struct *packet, && (packet->payload[(*off)] != '\0')) { u_int8_t c, cl = packet->payload[*off]; - if(((cl & 0xc0) != 0) || // we not support compressed names in query - (((*off)+1) + cl >= packet->payload_packet_len)) { + if((cl & 0xc0) == 0xc0) { /* start of a compressed name */ + if(*off + 1 >= packet->payload_packet_len) { + hostname_is_valid = 0; + j = 0; + break; + } + + (*off)++; + u_int8_t byte2 = packet->payload[(*off)++]; + /* works for little and big endian. We don't need to check for (*off) < packet->payload_packet_len + * since it's checked in the recursive call */ + u_int32_t ptr = ((cl & 0x3F) << 8 | byte2) + (packet->tcp ? 2 : 0); + + if (j && j < max_len) { + _hostname[j++] = '.'; + } + + u_int nested_len; + hostname_is_valid = ndpi_grab_dns_name(packet, &ptr, &_hostname[j], max_len - j, + &nested_len, ignore_checks) && hostname_is_valid; + + j += nested_len; + /* compressed names are always terminal */ + break; + } + + if(((*off)+1) + cl >= packet->payload_packet_len) { /* Don't update the offset */ j = 0; break; 
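Review bot: The compression branch follows the pointer by recursing into ndpi_grab_dns_name with `ptr`, but nothing rejects a pointer that targets the label currently being parsed or a later one, so a name whose pointer refers to itself (or two pointers referring to each other) recurses until the stack is exhausted, and one such mDNS packet crashes the parser. RFC 1035 requires a pointer to refer to a prior occurrence, so add `if(ptr >= (*off) - 2) { hostname_is_valid = 0; j = 0; break; }` right after `ptr` is computed (the `- 2` accounts for the two pointer bytes already consumed), or thread a hop counter through the recursion. The rewritten test also changes what the reserved label types do: the old `(cl & 0xc0) != 0` rejected 0x40 and 0x80 labels, while the new `== 0xc0` lets them through as ordinary lengths. `nested_len` is passed uninitialised and added to `j` even when the nested call fails, which is safe only if every return path of ndpi_grab_dns_name writes `*len`; the function starts and ends outside the hunk, so I could not confirm that.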
@@ -298,6 +323,30 @@ static u_int8_t ndpi_grab_dns_name(struct ndpi_packet_struct *packet, /* *********************************************** */ +static int add_to_mdns_metadata(struct ndpi_flow_struct *flow, + u_int16_t rsp_type, u_int16_t rsp_class, u_int32_t ttl, + u_int16_t data_len, u_int16_t srv_port, char *data, + u_int16_t name_len, const char *name) { + struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[flow->mdns_metadata.num_services]; + service->rsp_class = rsp_class; + service->rsp_type = rsp_type; + service->ttl = ttl; + service->data_len = data_len; /* already host */ + + if((service->name = ndpi_malloc(name_len + 1)) == NULL) { + return -1; + } + memcpy(service->name, name, name_len); + service->name[name_len] = 0; + + service->data = data; /* already host */ + + service->srv_port = srv_port; /* already checked if is zero */ + + ++flow->mdns_metadata.num_services; + return 0; +} + static int process_queries(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, struct ndpi_dns_packet_header *dns_header, @@ -358,12 +407,23 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, for(num = 0; num < dns_header->num_answers; num++) { u_int16_t data_len; + u_int y = x; /* we need a copy of x when x points to name */ if((data_len = getNameLength(x, packet->payload, packet->payload_packet_len)) == 0) { return -1; - } else - x += data_len; + } + x += data_len; + + u_int name_len; + + char name[255]; /* DNS names are max 254 bytes long +1 null-byte */ + if(ndpi_grab_dns_name(packet, &y, name, sizeof(name), + &name_len, ignore_checks) == 0) { + // todo: invalid name, maybe set a risk here + } + + char *data = NULL; if((x+8) >= packet->payload_packet_len) { return -1; 
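Review bot: add_to_mdns_metadata takes ownership of the heap string `data`, but when the `ndpi_malloc` for `name` fails it returns -1 without freeing it, and the caller in the @@ -462 hunk ignores the return value, so `data` leaks on that path; since the caller must already release `data` when the table is full, the simplest contract is "ownership stays with the caller on failure", stated in a header comment on the function. The helper also writes `services[num_services]` without checking against `MAX_NUM_MDNS_ADVERTISED_SERVICES`, relying on the caller's guard; `if(flow->mdns_metadata.num_services >= MAX_NUM_MDNS_ADVERTISED_SERVICES) return -1;` at the top keeps the array bound next to the code that indexes it. A short comment that `name` is copied while `data` is adopted and freed with the flow would save the next caller from getting this wrong.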
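Review bot: In the process_answers loop (hunk @@ -358), when `ndpi_grab_dns_name` returns 0 the `if` body is empty and `name_len` is still used later in the `name_len > 0` test at the end of the iteration; unless ndpi_grab_dns_name stores `*len` on every return path (its tail is outside the hunk) that reads an uninitialised variable. Initialise it, `u_int name_len = 0;`, and give the empty branch an explicit `name_len = 0;` so a malformed owner name skips the entry rather than recording it. process_answers continues outside the hunk.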
@@ -387,6 +447,8 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, /* x points to the response "class" field */ if((x+12) <= packet->payload_packet_len) { + u_int16_t srv_port = 0; + u_int16_t rsp_class = ntohl(*(u_int16_t *) &packet->payload[x]); u_int32_t ttl = ntohl(*((u_int32_t*)&packet->payload[x+2])); x += 6; @@ -403,7 +465,7 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t ptr_len = (packet->payload[x-2] << 8) + packet->payload[x-1]; if((x + ptr_len) <= packet->payload_packet_len) { - if(found == 0) { + if(found == 0 || proto->master_protocol == NDPI_PROTOCOL_MDNS) { u_int len, orig_x; orig_x = x; @@ -415,6 +477,16 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, We unconditionally update it at the end of the for loop */ x = orig_x; found = 1; + if(proto->master_protocol == NDPI_PROTOCOL_MDNS && len > 0) { + if((data = ndpi_malloc(len + 1)) == NULL) { +#ifdef DNS_DEBUG + printf("[DNS] Out of memory\n"); +#endif + return -1; /* todo: either continue or fail */ + } + memcpy(data, flow->protos.dns.ptr_domain_name, len); + data[len] = '\0'; + } } } } else if((((rsp_type == 0x1) && (data_len == 4)) /* A */ 
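Review bot: `u_int16_t rsp_class = ntohl(*(u_int16_t *) &packet->payload[x]);` converts a 16-bit field with the 32-bit `ntohl`; on little-endian hosts the two real bytes land in the upper half and are truncated away, which is why every entry in the regenerated test outputs reports `rsp_class: 0` although mDNS answers normally carry class 0x8001 (cache-flush bit plus IN). The fix is `u_int16_t rsp_class = ntohs(*(u_int16_t *) &packet->payload[x]);`, and since this is an unaligned access like the `ttl` line next to it, a memcpy-based read is preferable where the file already uses one.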
@@ -462,18 +534,117 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "Adding entry to fpc_dns: %s proto %d\n", data_len == 4 ? "ipv4" : "ipv6", proto->app_protocol); } + } else if(rsp_type == 0x10 /* TXT */) { + if(proto->master_protocol == NDPI_PROTOCOL_MDNS) { + char sep[] = ", "; + size_t sep_len = sizeof(sep) - 1; + + /* We alloc more space than needed since we need space for separators. + * Also notice TXT fields don't use name compression, so we base our size + * on data_len. */ + if((data = ndpi_malloc(data_len + (sep_len * data_len) + 1)) == NULL) { +#ifdef DNS_DEBUG + printf("[DNS] Out of memory\n"); +#endif + return -1; /* todo: maybe this is not the correct behavior */ + } + u_int x_orig = x; + data[0] = 0; /* it surely exists due to its size being minimum 1 (if data_len = 0) */ + int is_invalid = 1; + + size_t bytes_read = 0; + size_t data_offset = 0; + + while(bytes_read < data_len) { + u_int8_t txt_subfield_len = packet->payload[x_orig++]; + bytes_read++; + + is_invalid = txt_subfield_len + bytes_read > data_len || + txt_subfield_len > packet->payload_packet_len - x_orig; + if(is_invalid) { + ndpi_free(data); + /* todo: this is a malformed DNS packet, maybe set_risk here */ + break; + } + if(txt_subfield_len == 0) { + /* todo: maybe "txt subfield with zero len" can be a minor issue risk */ + continue; /* nothing to do for an empty string */ + } + + memcpy(data + data_offset, &packet->payload[x_orig], txt_subfield_len); + data_offset += txt_subfield_len; + memcpy(data + data_offset, sep, sep_len); + data_offset += sep_len; + + x_orig += txt_subfield_len; + bytes_read += txt_subfield_len; + } + if(!is_invalid) { /* check needed because *data might point to deallocated memory */ + if(data_offset >= sep_len) { /* if the while cycle didn't do any iteration, data_offset is 0 */ + data[data_offset - sep_len] = 0; /* - sep_len removes the last separator */ + } else { + data[data_offset] = 0; + } + } + } 
+ } else if(rsp_type == 0x21 /* SRV */) { + if(proto->master_protocol == NDPI_PROTOCOL_MDNS) { + u_int x_orig = x; + x_orig += 4; /* skip priority and weight */ + srv_port = ntohs(*(u_int16_t*)&packet->payload[x_orig]); + x_orig += 2; /* skip port */ + + if(srv_port == 0) { + /* todo: this is malformed since ports can't be zero, maybe set_risk here */ + continue; + } + /* Target might use compression, and we can't determine its length a priori, + * so unfortunately we need to first find it and then copy it */ + char target[255]; + u_int target_len = 0; + + if((ndpi_grab_dns_name(packet, &x_orig, target, sizeof(target), + &target_len, ignore_checks)) == 0) { + /* todo: maybe set_risk here, malformed name */ + continue; + } + if(target_len <= 0) { /* name is good but contains nothing */ + continue; + } + if((data = ndpi_malloc(target_len + 1)) == NULL) { +#ifdef DNS_DEBUG + printf("[DNS] Out of memory\n"); +#endif + return -1; /* todo: maybe this is not the correct behavior */ + } + memcpy(data, target, target_len); + data[target_len] = 0; + } } x += data_len; } + + if(proto->master_protocol == NDPI_PROTOCOL_MDNS && name_len > 0 && data != NULL && + flow->mdns_metadata.num_services < MAX_NUM_MDNS_ADVERTISED_SERVICES) { + if(add_to_mdns_metadata(flow, rsp_type, rsp_class, rsp_ttl, data_len, srv_port, data, name_len, name) < 0) { +#ifdef DNS_DEBUG + printf("[DNS] Out of memory\n"); +#endif + /* todo: maybe return */ + } + } } - if(found && (dns_header->additional_rrs == 0)) { + if((found && (dns_header->additional_rrs == 0)) && + proto->master_protocol != NDPI_PROTOCOL_MDNS) { /* In case we have RR we need to iterate all the answers and not just consider the first one as we need to properly move 'x' to the right offset + + Also keep searching for mdns services */ break; } 
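Review bot: In the TXT branch the malformed-record path does `ndpi_free(data); break;` without clearing `data`, so the `data != NULL` test at the end of the iteration still passes and add_to_mdns_metadata stores the freed pointer in the flow, which the example later `ndpi_strdup`s: a use-after-free reachable with one crafted packet, fixed by `ndpi_free(data); data = NULL; break;`. The two `continue` statements in the SRV branch skip the `x += data_len;` that follows the if/else chain, so after a zero port or an unparsable target the next iteration parses the SRV rdata as the start of the next RR. The SRV branch also reads six bytes of rdata (priority, weight, port) without requiring `data_len >= 7`, and at the tail `data` leaks whenever it is not consumed (table full, `name_len == 0`, or add_to_mdns_metadata failing). The rewrite below folds the SRV checks into one condition so the loop always reaches `x += data_len`, and releases `data` when it is not stored; process_answers continues outside the hunk.
```c
      } else if(rsp_type == 0x21 /* SRV */) {
        /* rdata is priority(2) + weight(2) + port(2) + target(>= 1 byte) */
        if(proto->master_protocol == NDPI_PROTOCOL_MDNS && data_len >= 7) {
          u_int x_orig = x + 4; /* skip priority and weight */
          char target[255];
          u_int target_len = 0;

          srv_port = ntohs(*(u_int16_t*)&packet->payload[x_orig]);
          x_orig += 2; /* skip port */

          /* Zero port, bad or empty target: malformed, so skip the entry -- but
           * without `continue`, so that `x += data_len` below still runs */
          if(srv_port != 0 &&
             ndpi_grab_dns_name(packet, &x_orig, target, sizeof(target),
                                &target_len, ignore_checks) != 0 &&
             target_len > 0) {
            if((data = ndpi_malloc(target_len + 1)) == NULL) {
#ifdef DNS_DEBUG
              printf("[DNS] Out of memory\n");
#endif
              return -1;
            }
            memcpy(data, target, target_len);
            data[target_len] = 0;
          }
        }
      }
      /* … unchanged: x += data_len; and the end of the (x+12) block … */

    /* Hand `data` to the flow or release it: it must not outlive this iteration otherwise */
    if(data != NULL) {
      int stored = 0;

      if(proto->master_protocol == NDPI_PROTOCOL_MDNS && name_len > 0 &&
         flow->mdns_metadata.num_services < MAX_NUM_MDNS_ADVERTISED_SERVICES)
        stored = (add_to_mdns_metadata(flow, rsp_type, rsp_class, rsp_ttl, data_len,
                                       srv_port, data, name_len, name) == 0);
      if(!stored)
        ndpi_free(data); /* not adopted by the flow (table full, empty name or OOM) */
    }
```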
@@ -822,10 +993,29 @@ static void search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct flow->protos.dns.transaction_id = dns_header.tr_id; rc = process_queries(ndpi_struct, flow, &dns_header, off); + if(rc == -1) { #ifdef DNS_DEBUG - if(rc == -1) printf("[DNS] Error queries (query msg)\n"); #endif + } else { + off = rc; + rc = process_answers(ndpi_struct, flow, &dns_header, off, &proto); + if(rc == -1) { +#ifdef DNS_DEBUG + printf("[DNS] Error answers (query msg)\n"); +#endif + } else { + off = rc; + rc = process_additionals(ndpi_struct, flow, &dns_header, off); + if(rc == -1) { +#ifdef DNS_DEBUG + printf("[DNS] Error additionals (query msg)\n"); +#endif + } + // we do not care about this in queries even if it is modified in process_additionals + flow->protos.dns.edns0_udp_payload_size = 0; + } + } } else { flow->protos.dns.is_query = 0; flow->protos.dns.transaction_id = dns_header.tr_id; diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index 9e3210252b2..5d7c5e80364 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out 
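Review bot: The query branch of search_dns now runs process_answers and process_additionals for every DNS query, not only mDNS ones, although the commit scopes the change to mDNS answers; per the PTR branch in the earlier hunks process_answers appears to fill `flow->protos.dns.ptr_domain_name` and the address entries, so a unicast query carrying answer records will populate the flow's response metadata before any response is seen. If only mDNS known-answer sections are wanted, gate the two calls on `proto.master_protocol == NDPI_PROTOCOL_MDNS` (the variable passed as `&proto`). Errors from the two new calls are visible only under DNS_DEBUG and otherwise silently discarded; a comment stating that a truncated answer section in a query is deliberately not treated as an error would make that explicit. The three nested `else` blocks would read better as a flat sequence of `if(rc != -1)` steps; search_dns continues outside the hunk.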
@@ -70,21 +70,21 @@ JA Host Stats: 10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.151 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Acceptable][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][Stack: HTTP][IP: 
0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.149 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] - 13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 2) - rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local; rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx 
(9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][21.75 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340/2605 9634/9670 4130/3611][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 10.0.0.227:56915 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][22.76 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 
3340/3011 10636/10673 4210/3967][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 2) - rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local; rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 10.0.0.151:1900 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/1412 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][2.86 
sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 10.0.0.227:56881 <-> 162.222.43.153:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][Breed: Safe][6 pkts/762 bytes <-> 6 pkts/396 bytes][Goodput ratio: 48/0][0.05 sec][bytes ratio: 0.316 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 82/66 127/66 292/66 75/0][Plen Bins: 50,33,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 10.0.0.227:57547 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][Hostname/SNI: 239.255.255.250][User-Agent: Google Chrome/77.0.3865.90 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 10.0.0.149:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][4 pkts/655 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.00 sec][Hostname/SNI: _googlezone._tcp.local][_googlezone._tcp.local][PLAIN TEXT (googlezone)][Plen Bins: 0,25,25,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 10.0.0.149:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 120s rdatalength: 39 rsp_type: PTR data: _googlezone._tcp.local advertised 
79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][4 pkts/655 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.00 sec][Hostname/SNI: _googlezone._tcp.local][_googlezone._tcp.local][PLAIN TEXT (googlezone)][Plen Bins: 0,25,25,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 10.0.0.149:38616 -> 10.0.0.227:61328 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 10.0.0.149:48166 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 10.0.0.149:49816 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 10.0.0.149:50081 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: 
SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 10.0.0.149:51382 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][12.10 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][12.10 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 
0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 10.0.0.227:56879 <-> 52.10.115.210:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][4 pkts/342 bytes <-> 2 pkts/202 bytes][Goodput ratio: 23/34][0.61 sec][bytes ratio: 0.257 (Upload)][IAT c2s/s2c min/avg/max/stddev: 33/574 203/574 541/574 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/101 86/101 105/101 20/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Hostname/SNI: 1-courier.sandbox.push.apple.com][17.188.138.71][DNS Id: 0x1090][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns.pcap.out b/tests/cfgs/default/result/dns.pcap.out index 9f9f8e36cd7..f0854a74d61 100644 --- a/tests/cfgs/default/result/dns.pcap.out +++ b/tests/cfgs/default/result/dns.pcap.out 
@@ -29,6 +29,6 @@ Acceptable 17 3553 4 Network 17 3553 4 1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Acceptable][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][45.9.60.30][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] - 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 0 ttl: 
120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.example.com][0.0.0.0][DNS Id: 0xbc1f][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns_invert_query.pcapng.out b/tests/cfgs/default/result/dns_invert_query.pcapng.out index 02b62f0c3fe..7325b914e54 100644 --- a/tests/cfgs/default/result/dns_invert_query.pcapng.out +++ b/tests/cfgs/default/result/dns_invert_query.pcapng.out 
@@ -11,9 +11,9 @@ LRU cache fpc_dns: 0/0/0 (insert/search/found) Automa host: 1/0 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -26,4 +26,4 @@ Acceptable 2 134 1 Network 2 134 1 - 1 UDP 173.147.108.174:18427 <-> 244.187.95.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/78 bytes <-> 1 pkts/56 bytes][Goodput ratio: 46/21][0.00 sec][Hostname/SNI: 216.58.202.4][0.0.0.0][DNS Id: 0x77fc][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NOTIMP][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 173.147.108.174:18427 <-> 244.187.95.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/78 bytes <-> 1 pkts/56 bytes][Goodput ratio: 46/21][0.00 sec][Hostname/SNI: 216.58.202.4][0.0.0.0][DNS Id: 0x77fc][Risk: ** Error Code **** Minor Issues **][Risk Score: 20][Risk Info: DNS Record with zero TTL / DNS Error Code NOTIMP][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index dcaf19f9b7d..60772a1fc99 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out 
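Review bot: The expected output for flow 1 now adds "DNS Record with zero TTL" to a response whose RCODE is NOTIMP, which is suspicious because an error response of that kind normally carries no resource records for a TTL to be read from. If the capture really does contain an answer RR with TTL 0 next to RCODE NOTIMP, the new expectation is fine; otherwise the zero-TTL check in the parser (dns.c, not in this chunk) is probably being evaluated on a record that was never fully parsed, and should only run after an RR's header, TTL and RDLENGTH have been read within bounds. The accompanying "Automa risk mask 0/0 -> 1/0" and "Patricia risk mask 0/0 -> 2/0" counters on the same file confirm that a new risk lookup is now being triggered for this flow, so it is worth stating in the PR description which record produced it.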
@@ -14,8 +14,8 @@ LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/66/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache fpc_dns: 0/66/0 (insert/search/found) -Automa host: 237/0 (search/found) -Automa domain: 230/0 (search/found) +Automa host: 239/0 (search/found) +Automa domain: 232/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 16/0 (search/found) Automa common alpns: 0/0 (search/found) @@ -59,7 +59,7 @@ System 109 10824 29 9 UDP 192.168.1.41:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][Stack: NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Dangerous][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][8.51 sec][Hostname/SNI: lab111][PLAIN TEXT ( EMEBECDBDBDBCACACACACACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.1.41:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][7 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][13.52 sec][Hostname/SNI: workgroup][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 751/0 2253/0 4255/0 1348/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 212.242.33.35:5060 -> 192.37.115.0:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP 
From: ;tag=3a2d0dc][SIP To: ;tag=00-94%s][PLAIN TEXT (SIP/2.0 401 Unauthorized)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.1.2:20932 -> 212.242.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP From: ;tag=6d540a5][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.1.2:20932 -> 212.242.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP From: ;tag=6d540a5][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.1.52:5060 -> 212.242.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP From: ;tag=903df0a][SIP To: 212.234.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/506 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP 
From: ;tag=87971a][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.2:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][Stack: NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Dangerous][2 pkts/486 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][718.24 sec][Hostname/SNI: d002465][PLAIN TEXT ( EEDADADCDEDGDFC)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -69,13 +69,30 @@ System 109 10824 29 19 UDP 192.168.1.2:2806 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.qk][0.0.0.0][DNS Id: 0x821b][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (bercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.1.2:2825 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x5d0d][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.86.1.2:5060 -> 200.68.120.99:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.584 (Executable?)][PLAIN TEXT (CANCEL qip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 192.168.1.2:4292 -> 200.68.37.115:5060 [proto: 100/SIP][Stack: SIP][IP: 
0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.1.2:4292 -> 200.68.37.115:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.169.1.2:5060 -> 200.68.120.81:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 192.168.1.2:4901 -> 200.68.120.81:29440 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/389 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][SIP 
From: "arik" ;tag=6433ef9][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 5060-5061][PLAIN TEXT (ACK sip)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 192.168.1.2:5060 -> 212.242.33.201:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/366 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP From: "arik" 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][3 pkts/228 bytes <-> 1 pkts/128 bytes][Goodput ratio: 45/67][4.36 sec][Hostname/SNI: sip.cybercity.dk][212.242.33.35][DNS Id: 0xe2ef][PLAIN TEXT (cybercity)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 UDP 192.168.1.2:2830 <-> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][3 pkts/228 bytes <-> 1 pkts/128 bytes][Goodput ratio: 45/67][4.37 sec][Hostname/SNI: sip.cybercity.dk][212.242.33.35][DNS Id: 0x4d35][PLAIN TEXT (cybercity)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 UDP 208.242.33.35:5060 -> 192.168.1.2:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP 
From: ;tag=8e948b0][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (SIP/2.0 100 Trying)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 192.168.1.2:4901 -> 200.68.120.81:29440 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/389 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 5060-5061][PLAIN TEXT (ACK sip)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 192.168.1.2:5060 -> 212.242.33.201:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/366 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP 
From: "arik" ;tag=8e948b0][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (SIP/2.0 100 Trying)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 192.168.1.2:2734 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x7dda][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 192.168.1.2:2740 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x2cdf][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Header][PLAIN TEXT (cyberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.1.2:2742 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0xb3c0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 
0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -243,7 +260,7 @@ System 109 10824 29 193 UDP 192.168.1.2:2822 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.1?7.in-addr.arpa][0.0.0.0][DNS Id: 0x0c08][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 194 UDP 192.168.1.2:2828 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x3c32][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 195 UDP 192.168.1.18:2751 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][0.0.0.0][DNS Id: 0x1aca][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 196 UDP 192.168.1.57:2771 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][0.0.0.0][DNS Id: 0xfde0][Risk: 
** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 196 UDP 192.168.1.57:2771 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.][0.0.0.0][DNS Id: 0xfde0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 197 UDP 192.168.1.110:2765 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x68fd][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 198 UDP 192.168.33.2:2782 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][0.0.0.0][DNS Id: 0x4fe4][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 199 UDP 200.168.1.2:2735 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 
bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-adds.arpa][0.0.0.0][DNS Id: 0xf3db][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index 397160fa75b..a6da80a2604 100644 --- a/tests/cfgs/default/result/iphone.pcap.out +++ b/tests/cfgs/default/result/iphone.pcap.out 
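Review bot: Flow 196 in this fuzzed capture now reports `Hostname/SNI: 1.0.0.` where the old expectation reported no hostname, and unlike flows 195 and 198 it carries no "Malformed Packet / Invalid DNS Query Lenght" risk. A query name that stops at a trailing dot with no further labels looks like a name whose length byte ran past the end of the packet, so the change to the name parser (dns.c, outside this chunk) appears to be accepting a truncated label sequence as a complete name instead of rejecting it. The expected behaviour would be to keep the old output for 196 (no hostname) or to report the existing malformed-query risk, rather than exporting a partial name; pinning this case in the fuzz expectation without that risk would lock in the lenient parse.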
@@ -71,9 +71,9 @@ JA Host Stats: 13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] 14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][Hostname/SNI: gsa.apple.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h1_2802a3db6c62_845d286b0d67][ServerNames: 
gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 15 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/2394 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.15 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1022/0 7191/0 8962/0 2834/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (iPhone)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2094 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen 
Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][3 pkts/2067 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s 
imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2094 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; 
rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][3 pkts/2067 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 192.168.2.17:49152 <-> 17.253.105.202:80 [proto: 7.140/HTTP.Apple][Stack: HTTP.Apple][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][5 pkts/473 bytes <-> 4 pkts/968 bytes][Goodput ratio: 28/72][0.33 sec][Hostname/SNI: captive.apple.com][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 82/80 171/158 82/78][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/242 197/762 51/300][URL: captive.apple.com/hotspot-detect.html][StatusCode: 200][Content-Type: text/html][Server: ATS/8.0.6][User-Agent: CaptiveNetworkSupport-390.60.1 wispr][TCP Fingerprint: 194_64_65535_d29295416479/macOS][PLAIN TEXT (GET /hotspot)][Plen Bins: 
0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][2 pkts/1104 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.2.1:67 -> 192.168.2.17:68 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index 535238dca99..13346f2b63a 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out 
@@ -48,27 +48,27 @@ Music 9 742 2 1 UDP 192.168.1.77:28150 <-> 91.108.8.1:533 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][12 pkts/1272 bytes <-> 276 pkts/68136 bytes][Goodput ratio: 60/83][16.92 sec][bytes ratio: -0.963 (Download)][IAT c2s/s2c min/avg/max/stddev: 48/0 290/61 504/476 186/43][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/247 138/330 24/41][Plen Bins: 0,2,4,3,0,19,37,21,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.77:28150 <-> 91.108.8.8:529 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][285 pkts/65890 bytes <-> 13 pkts/1522 bytes][Goodput ratio: 82/64][16.92 sec][bytes ratio: 0.955 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/27 59/210 504/472 30/201][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 231/117 314/138 44/16][Plen Bins: 0,2,4,3,8,28,14,37,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP [fe80::4ba:91a:7817:e318]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][120 pkts/27243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17386/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 162/0 227/0 489/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP [fe80::4ba:91a:7817:e318]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 0s rdatalength: 31 rsp_type: PTR data: _dacp._tcp.local advertised 
itunes_ctrl_4abb39a41eefdeb3._dacp._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][120 pkts/27243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17386/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 162/0 227/0 489/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.1.77:23174 <-> 91.108.8.7:521 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][57 pkts/12266 bytes <-> 66 pkts/14180 bytes][Goodput ratio: 80/80][4.58 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 78/65 500/308 73/53][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 215/215 282/298 59/49][Plen Bins: 0,4,6,8,0,27,38,14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 192.168.1.75:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][120 pkts/24843 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17387/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 207/0 469/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.1.75:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 0s rdatalength: 31 rsp_type: PTR data: _dacp._tcp.local advertised itunes_ctrl_4abb39a41eefdeb3._dacp._tcp.local][ClearText][Confidence: 
DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][120 pkts/24843 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17387/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 207/0 469/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][12 pkts/3852 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][54.99 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4886/0 4987/0 5017/0 36/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.1.77:5353 -> 192.168.1.75:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][9 pkts/2880 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][56.23 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3480/0 7028/0 31577/0 9279/0][Pkt Len c2s/s2c min/avg/max/stddev: 320/0 320/0 320/0 0/0][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.1.77:5353 -> 192.168.1.75:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s 
imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][9 pkts/2880 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][56.23 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3480/0 7028/0 31577/0 9279/0][Pkt Len c2s/s2c min/avg/max/stddev: 320/0 320/0 320/0 0/0][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.1.77:50822 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Hostname/SNI: www.google.com][QUIC ver: Q046][Idle Timeout: 30][PLAIN TEXT (www.google.com)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] 9 UDP 192.168.1.77:61974 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Hostname/SNI: www.google.com][QUIC ver: Q046][Idle Timeout: 30][PLAIN TEXT (www.google.com)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] 10 UDP 192.168.1.77:28150 <-> 91.108.16.3:537 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][13 pkts/1410 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 61/64][14.14 sec][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/27 368/1416 1577/10001 452/3058][Pkt Len c2s/s2c min/avg/max/stddev: 
74/90 108/115 138/138 25/15][Plen Bins: 0,24,48,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.1.77:28150 <-> 91.108.12.3:530 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.12 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/17 407/439 1556/1278 452/379][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15][Plen Bins: 0,25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.1.77:28150 <-> 91.108.12.5:537 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.10 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/31 405/436 1542/1278 447/377][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15][Plen Bins: 0,25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.1.77:28150 <-> 91.108.16.1:529 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.14 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/24 410/438 1583/1240 460/372][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15][Plen Bins: 0,25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.1.69:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: 
Network/14][Breed: Acceptable][7 pkts/2471 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][58.39 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1460/0 9731/0 48909/0 17522/0][Pkt Len c2s/s2c min/avg/max/stddev: 353/0 353/0 353/0 0/0][PLAIN TEXT (spotify)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.1.69:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 120s rdatalength: 47 rsp_type: PTR data: _spotify-connect._tcp.local advertised sonos7828ca05facc._spotify-connect._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/2471 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][58.39 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1460/0 9731/0 48909/0 17522/0][Pkt Len c2s/s2c min/avg/max/stddev: 353/0 353/0 353/0 0/0][PLAIN TEXT (spotify)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.77:23174 <-> 91.108.12.1:536 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][10 pkts/1044 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 60/64][2.91 sec][bytes ratio: -0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/22 310/271 949/491 255/132][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 104/118 138/138 26/17][Plen Bins: 0,28,38,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.1.77:23174 <-> 91.108.12.5:523 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI 
packets: 7][cat: Chat/9][Breed: Acceptable][9 pkts/906 bytes <-> 12 pkts/1432 bytes][Goodput ratio: 58/65][2.89 sec][bytes ratio: -0.225 (Download)][IAT c2s/s2c min/avg/max/stddev: 133/38 355/239 930/492 265/124][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/119 138/138 24/17][Plen Bins: 0,28,38,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.1.77:23174 <-> 91.108.8.8:538 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][9 pkts/906 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 58/64][2.71 sec][bytes ratio: -0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 135/42 358/279 839/492 229/118][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/118 138/138 24/17][Plen Bins: 0,30,40,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.1.77:23174 <-> 91.108.16.1:527 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][9 pkts/906 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 58/64][3.00 sec][bytes ratio: -0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 135/38 358/295 984/509 285/138][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/118 138/138 24/17][Plen Bins: 0,30,40,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 192.168.1.77:23174 <-> 91.108.16.4:538 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][9 pkts/906 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 58/64][2.97 sec][bytes ratio: -0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 135/36 358/294 969/496 279/136][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/118 138/138 24/17][Plen Bins: 
0,30,40,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 192.168.1.53:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][18 pkts/2072 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][58.39 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 434/0 3583/0 15377/0 4331/0][Pkt Len c2s/s2c min/avg/max/stddev: 87/0 115/0 238/0 39/0][PLAIN TEXT (spotify)][Plen Bins: 0,73,0,16,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 192.168.1.53:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 14 rsp_type: PTR data: _companion-link._tcp.local advertised luca's ipad._companion-link._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4497s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4488s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][18 pkts/2072 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][58.39 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 434/0 3583/0 15377/0 4331/0][Pkt Len c2s/s2c min/avg/max/stddev: 87/0 115/0 238/0 39/0][PLAIN TEXT (spotify)][Plen Bins: 
0,73,0,16,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.1.77:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][2 pkts/1012 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][31.08 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.1.77:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][2 pkts/1012 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][31.08 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP [fe80::18a0:a412:8935:c01b]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/945 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][40.09 sec][Hostname/SNI: _sleep-proxy._udp.local][_sleep-proxy._udp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,0,60,20,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP [fe80::18a0:a412:8935:c01b]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 6) - rsp_class: 0 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 14 rsp_type: PTR data: _companion-link._tcp.local advertised luca's ipad._companion-link._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4497s 
rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4488s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4461s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/945 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][40.09 sec][Hostname/SNI: _sleep-proxy._udp.local][_sleep-proxy._udp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,0,60,20,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.77:52127 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][Hostname/SNI: 239.255.255.250][User-Agent: Google Chrome/83.0.4103.34 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.53:56384 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/672 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.01 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.1.53:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][Stack: Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 156/Spotify, Confidence: DPI][DPI packets: 1][cat: Music/25][Breed: Fun][8 pkts/656 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][40.88 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c 
min/avg/max/stddev: 1749/0 5840/0 21180/0 6407/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (fSpotUdp0)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
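Review bot: The new expectations for flow 20 and flow 23 in this hunk record the same `_sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local` PTR answer three and four times, differing only in ttl (4500s, 4497s, 4488s, 4461s), so the collector appears to append one entry per received packet instead of de-duplicating on (rsp_type, name, data); on a long-lived multicast flow, where any host on the segment can keep re-announcing, that fills whatever fixed services array backs the `found N` counter with repeats and crowds out genuinely new records. Every entry in this and the following hunks (telegram flow 31, tls_certificate_too_long flows 15/20/24, wa_voice flows 15/16) also prints `rsp_class: 0`, while mDNS answers carry class IN (1), usually with the cache-flush bit set, which suggests the class field is read from the wrong offset or masked away — worth checking against the parser before these results are frozen as the reference. Since these .pcap.out files are regenerated from the code, the fix belongs in src/lib/protocols/dns.c, outside this chunk: skipping the append when an existing entry already has the same type, name and data would bring these expectations back to one entry each.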
@@ -76,7 +76,7 @@ Music 9 742 2 28 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/397 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (6.10.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 192.168.1.53:50698 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][2 pkts/336 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][2.00 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 192.168.1.53:54306 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][2 pkts/336 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][2.00 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 UDP 192.168.1.77:5353 -> 192.168.1.53:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 UDP 192.168.1.77:5353 -> 192.168.1.53:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised 
luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP 192.168.1.77:54595 <-> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][8.49 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][DNS Id: 0x6a44][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 192.168.1.77:52118 <-> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/75 bytes <-> 1 pkts/209 bytes][Goodput ratio: 43/80][0.01 sec][Hostname/SNI: in.appcenter.ms][20.44.78.251][DNS Id: 0xd285][PLAIN TEXT (appcenter)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 192.168.1.77:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out
index 74a0a693fa6..eb52f7593a0 100644
--- a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out
+++ b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out
@@ -63,16 +63,16 @@ JA Host Stats: 12 TCP 192.168.1.121:53912 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][Breed: Safe][6 pkts/619 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 34/85][0.05 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 21/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/456 277/1502 78/558][URL: www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pki/certs/MicRooCerAut)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] 13 UDP 192.168.1.121:52251 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][8 pkts/767 bytes <-> 8 pkts/1085 bytes][Goodput ratio: 56/69][1.01 sec][Hostname/SNI: 60.21.149.52.in-addr.arpa][0.0.0.0][DNS Id: 0xaa4b][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 165/2 988/5 368/2][Pkt Len c2s/s2c min/avg/max/stddev: 80/86 96/136 132/196 21/42][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (msnhst)][Plen Bins: 0,57,18,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.121:51998 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][3 pkts/255 bytes <-> 3 pkts/449 bytes][Goodput ratio: 50/72][1.02 
sec][Hostname/SNI: 235.33.22.2.in-addr.arpa][0.0.0.0][DNS Id: 0xa2d1][DNS Ptr: a2-22-33-235.deploy.static.akamaitechnologies.com][bytes ratio: -0.276 (Download)][IAT c2s/s2c min/avg/max/stddev: 999/996 500/498 999/996 500/498][Pkt Len c2s/s2c min/avg/max/stddev: 84/131 85/150 86/171 1/16][PLAIN TEXT (deploy)][Plen Bins: 0,51,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP 192.168.1.121:5353 -> 192.168.1.139:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 192.168.1.121:5353 -> 192.168.1.139:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 8 rsp_type: PTR data: _companion-link._tcp.local advertised mbpro._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.1.121:51364 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/77 bytes <-> 1 pkts/289 bytes][Goodput ratio: 45/85][0.01 sec][Hostname/SNI: www.microsoft.com][0.0.0.0][DNS Id: 0xc9c5][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 
TCP 130.211.33.145:443 <-> 192.168.1.121:53432 [proto: 91/TLS][Stack: TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][2 pkts/163 bytes <-> 2 pkts/167 bytes][Goodput ratio: 19/21][0.01 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.1.121:55567 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/78 bytes <-> 1 pkts/250 bytes][Goodput ratio: 46/83][0.07 sec][Hostname/SNI: wdcp.microsoft.com][0.0.0.0][DNS Id: 0x5de5][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 192.168.1.121:58161 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/77 bytes <-> 1 pkts/244 bytes][Goodput ratio: 45/82][0.03 sec][Hostname/SNI: www.microsoft.com][2.22.33.235][DNS Id: 0x0b2f][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP [fe80::1059:a858:f9e7:cf94]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][2 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP [fe80::1059:a858:f9e7:cf94]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 8 rsp_type: PTR data: 
_companion-link._tcp.local advertised mbpro._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][2 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.1.121:65492 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/115 bytes <-> 1 pkts/191 bytes][Goodput ratio: 63/78][0.07 sec][Hostname/SNI: wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com][0.0.0.0][DNS Id: 0x564d][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 192.168.1.121:53905 <-> 140.82.113.26:443 [proto: 91/TLS][Stack: TLS][IP: 203/Github][Encrypted][Confidence: DPI][FPC: 203/Github, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][2 pkts/120 bytes <-> 2 pkts/163 bytes][Goodput ratio: 0/19][0.11 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.168.1.121:53884 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 46/79][0.02 sec][Hostname/SNI: wdcp.microsoft.com][40.113.10.47][DNS Id: 0xc30d][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 192.168.1.139:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][2 
pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 192.168.1.139:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 8 rsp_type: PTR data: _companion-link._tcp.local advertised mbpro._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][2 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.121:65213 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/80 bytes <-> 1 pkts/193 bytes][Goodput ratio: 47/78][0.01 sec][Hostname/SNI: time-macos.apple.com][17.253.54.251][DNS Id: 0x4e70][PLAIN TEXT (aaplimg)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.1.121:55578 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/86 bytes <-> 1 pkts/150 bytes][Goodput ratio: 51/72][0.01 sec][Hostname/SNI: e13678.dscb.akamaiedge.net][0.0.0.0][DNS Id: 0x5d93][PLAIN TEXT (akamaiedge)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 192.168.1.121:54561 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 
2][cat: Network/14][Breed: Acceptable][1 pkts/86 bytes <-> 1 pkts/102 bytes][Goodput ratio: 51/58][0.03 sec][Hostname/SNI: e13678.dscb.akamaiedge.net][2.22.33.235][DNS Id: 0x406f][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/wa_voice.pcap.out b/tests/cfgs/default/result/wa_voice.pcap.out
index a2a87c8d002..bdf285d105b 100644
--- a/tests/cfgs/default/result/wa_voice.pcap.out
+++ b/tests/cfgs/default/result/wa_voice.pcap.out
@@ -72,8 +72,8 @@ JA Host Stats: 12 UDP 192.168.2.12:56328 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][Stack: STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6149 22207/12298 9311/6149][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.2.12:56328 <-> 185.60.216.51:3478 [proto: 78.45/STUN.WhatsAppCall][Stack: STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 8626/6151 22207/12301 9311/6150][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.2.12:64716 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/671 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][9.04 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP [fe80::414:409d:8afd:9f05]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 
52/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.2.12:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/544 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP [fe80::414:409d:8afd:9f05]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 3477s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.2.12:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 3477s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/544 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 17.171.47.85:443 <-> 192.168.2.12:50502 [proto: 
91/TLS][Stack: TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][4 pkts/271 bytes <-> 4 pkts/271 bytes][Goodput ratio: 11/11][0.28 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 94/0 278/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/68 97/97 18/18][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 ICMP 192.168.2.12:0 -> 91.252.56.51:0 [proto: 81/ICMP][Stack: ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.92 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 192.168.2.12:55296 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.03 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][31.13.86.51][DNS Id: 0x3369][PLAIN TEXT (whatsapp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_use_client_port/result/iphone.pcap.out b/tests/cfgs/disable_use_client_port/result/iphone.pcap.out index 326f4e055b7..987c2bd273b 100644 --- a/tests/cfgs/disable_use_client_port/result/iphone.pcap.out +++ b/tests/cfgs/disable_use_client_port/result/iphone.pcap.out 
@@ -71,9 +71,9 @@ JA Host Stats: 13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] 14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][Hostname/SNI: gsa.apple.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h1_2802a3db6c62_845d286b0d67][ServerNames: 
gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 15 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/2394 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.15 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1022/0 7191/0 8962/0 2834/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (iPhone)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2094 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen 
Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][3 pkts/2067 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s 
imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2094 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; 
rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][3 pkts/2067 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 192.168.2.17:49152 <-> 17.253.105.202:80 [proto: 7.140/HTTP.Apple][Stack: HTTP.Apple][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][5 pkts/473 bytes <-> 4 pkts/968 bytes][Goodput ratio: 28/72][0.33 sec][Hostname/SNI: captive.apple.com][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 82/80 171/158 82/78][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/242 197/762 51/300][URL: captive.apple.com/hotspot-detect.html][StatusCode: 200][Content-Type: text/html][Server: ATS/8.0.6][User-Agent: CaptiveNetworkSupport-390.60.1 wispr][TCP Fingerprint: 194_64_65535_d29295416479/macOS][PLAIN TEXT (GET /hotspot)][Plen Bins: 
0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][2 pkts/1104 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.2.1:67 -> 192.168.2.17:68 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/dns_sub_enable/result/dns.pcap.out b/tests/cfgs/dns_sub_enable/result/dns.pcap.out index ffa808d1b28..d9c5506e1ef 100644 --- a/tests/cfgs/dns_sub_enable/result/dns.pcap.out +++ b/tests/cfgs/dns_sub_enable/result/dns.pcap.out 
@@ -31,6 +31,6 @@ Acceptable 17 3553 4 Network 17 3553 4 1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Acceptable][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][45.9.60.30][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] - 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 0 ttl: 
120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5.142/DNS.WhatsApp][Stack: DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.142/DNS.WhatsApp, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5.126/DNS.Google][Stack: DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.example.com][0.0.0.0][DNS Id: 0xbc1f][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out b/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out index 99a06d2f455..88121b7cb64 100644 --- a/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out +++ b/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out 
@@ -29,6 +29,6 @@ Acceptable 17 3553 4 Network 17 3553 4 1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Network/14][Breed: Acceptable][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][0.0.0.0][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] - 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 0 ttl: 120s 
rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][0.0.0.0][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.l.google.com][0.0.0.0][DNS Id: 0xdca2][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/subclassification_disable/result/dns.pcap.out b/tests/cfgs/subclassification_disable/result/dns.pcap.out index 9f9f8e36cd7..f0854a74d61 100644 --- a/tests/cfgs/subclassification_disable/result/dns.pcap.out +++ b/tests/cfgs/subclassification_disable/result/dns.pcap.out 
@@ -29,6 +29,6 @@ Acceptable 17 3553 4 Network 17 3553 4 1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Acceptable][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][45.9.60.30][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] - 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 0 ttl: 
120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.example.com][0.0.0.0][DNS Id: 0xbc1f][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] From c84ba7f677516ac12485787b735207d925e41e4c Mon Sep 17 00:00:00 2001 From: Gianla Date: Tue, 12 Aug 2025 00:01:08 +0200 Subject: [PATCH 02/16] Made mdns_metadata struct much smaller in ndpi_flow_struct with dynamic allocation --- example/reader_util.c | 28 +++++++++++++++++----------- example/reader_util.h | 2 +- src/include/ndpi_typedefs.h | 4 ++-- src/lib/ndpi_main.c | 10 ++++++++++ src/lib/protocols/dns.c | 16 +++++++++++++--- 5 files changed, 43 insertions(+), 17 deletions(-) 
diff --git a/example/reader_util.c b/example/reader_util.c index a74c324fbad..dcfdc610c8f 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -619,6 +619,7 @@ void ndpi_flow_info_free_data(struct ndpi_flow_info *flow) { ndpi_free(flow->mdns_metadata.services[i].name); ndpi_free(flow->mdns_metadata.services[i].data); } + if(flow->mdns_metadata.services) ndpi_free(flow->mdns_metadata.services); } /* ***************************************************** */ @@ -1630,17 +1631,22 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->mdns_metadata.num_services = flow->ndpi_flow->mdns_metadata.num_services; - for(int idx = 0; idx < flow->mdns_metadata.num_services; ++idx) { - struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[idx]; - struct ndpi_mdns_rsp_entry *reference = &flow->ndpi_flow->mdns_metadata.services[idx]; - - service->rsp_type = reference->rsp_type; - service->rsp_class = reference->rsp_class; - service->ttl = reference->ttl; - service->data_len = reference->data_len; - service->name = ndpi_strdup(reference->name); - service->data = ndpi_strdup(reference->data); - service->srv_port = reference->srv_port; + if(flow->mdns_metadata.num_services > 0) { + flow->mdns_metadata.services = ndpi_malloc( + sizeof(struct ndpi_mdns_rsp_entry) * flow->mdns_metadata.num_services); + + for(int idx = 0; idx < flow->mdns_metadata.num_services; ++idx) { + struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[idx]; + struct ndpi_mdns_rsp_entry *reference = &flow->ndpi_flow->mdns_metadata.services[idx]; + + service->rsp_type = reference->rsp_type; + service->rsp_class = reference->rsp_class; + service->ttl = reference->ttl; + service->data_len = reference->data_len; + service->name = ndpi_strdup(reference->name); + service->data = ndpi_strdup(reference->data); + service->srv_port = reference->srv_port; + } } if(!monitoring_enabled) { 
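Review bot: The `ndpi_malloc` result in the `process_ndpi_collected_info` hunk is never checked, so on allocation failure the copy loop writes through a NULL `services` pointer while `num_services` has already been set to a non-zero value on the line above. Wrap the loop so the count and pointer stay consistent: `if(flow->mdns_metadata.services == NULL) { flow->mdns_metadata.num_services = 0; } else {` … `}`. The `ndpi_strdup` results for `name` and `data` are likewise unchecked; if either can return NULL, later consumers of these strings should be checked — confirm. In the `ndpi_flow_info_free_data` hunk the new `if(flow->mdns_metadata.services)` guard sits after the loop that already dereferences `services[i]`, so it protects nothing; if the invariant above (count is zero whenever the pointer is NULL) is kept, the guard can go, otherwise it belongs on the loop.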
diff --git a/example/reader_util.h b/example/reader_util.h index 165ba5ab820..5cf2583351f 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -287,7 +287,7 @@ typedef struct ndpi_flow_info { struct { uint8_t num_services; - struct ndpi_mdns_rsp_entry services[MAX_NUM_MDNS_ADVERTISED_SERVICES]; + struct ndpi_mdns_rsp_entry *services; } mdns_metadata; ndpi_serializer ndpi_flow_serializer; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 249f0dfba5b..6feab9acfba 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1698,7 +1698,7 @@ struct ndpi_flow_struct { struct { uint8_t num_services; - struct ndpi_mdns_rsp_entry services[MAX_NUM_MDNS_ADVERTISED_SERVICES]; + struct ndpi_mdns_rsp_entry *services; } mdns_metadata; /* **Packet** metadata for flows where monitoring is enabled. It is reset after each packet! */ @@ -1758,7 +1758,7 @@ struct ndpi_flow_struct { _Static_assert(sizeof(((struct ndpi_flow_struct *)0)->protos) <= 264, "Size of the struct member protocols increased to more than 264 bytes, " "please check if this change is necessary."); -_Static_assert(sizeof(struct ndpi_flow_struct) <= 1408, +_Static_assert(sizeof(struct ndpi_flow_struct) <= 1232, "Size of the flow struct increased to more than 1408 bytes, " "please check if this change is necessary."); #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 58aeacad006..b208f4ddbd9 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -22,6 +22,8 @@ #include #include +#include "../include/ndpi_typedefs.h" + #ifdef __APPLE__ #include #endif 
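Review bot: The `_Static_assert` message in the `ndpi_typedefs.h` hunk is now stale: the bound was lowered to 1232 but the text still reads `"Size of the flow struct increased to more than 1408 bytes, "`; change it to `"Size of the flow struct increased to more than 1232 bytes, "` so the failure message matches the check. Both struct hunks (`reader_util.h` and `ndpi_typedefs.h`) turn `services` into an owning pointer, and the lazy allocation in `dns.c` keys on it being NULL, which only holds if the flow struct is zero-initialised on creation — not shown here, worth confirming. A field comment would document the contract, e.g. `/* owned; lazily allocated by add_to_mdns_metadata(), released in ndpi_free_flow_data() */`.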
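Review bot: The added `#include "../include/ndpi_typedefs.h"` in `ndpi_main.c` reaches into the public include directory by a source-relative path, which is fragile for out-of-tree builds. The file presumably already sees `struct ndpi_flow_struct` through its existing project includes (the `ndpi_free_flow_data` hunk in this same patch uses `flow->mdns_metadata` directly) — if so, drop the include; otherwise use the same include form the file already uses for its other project headers.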
@@ -7731,6 +7733,14 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) {
 if(flow->tls_quic.obfuscated_heur_state) ndpi_free(flow->tls_quic.obfuscated_heur_state);
+
+ if(flow->mdns_metadata.num_services > 0) {
+ for(int i = 0; i < flow->mdns_metadata.num_services; i++) {
+ ndpi_free(flow->mdns_metadata.services[i].name);
+ ndpi_free(flow->mdns_metadata.services[i].data);
+ }
+ ndpi_free(flow->mdns_metadata.services);
+ }
 }
 }
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 4fea154c9a7..4bfed534b43 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -327,6 +327,13 @@ static int add_to_mdns_metadata(struct ndpi_flow_struct *flow, u_int16_t rsp_type, u_int16_t rsp_class, u_int32_t ttl, u_int16_t data_len, u_int16_t srv_port, char *data, u_int16_t name_len, const char *name) {
+ if(flow->mdns_metadata.services == NULL) {
+ if((flow->mdns_metadata.services = ndpi_malloc(
+ sizeof(struct ndpi_mdns_rsp_entry) * MAX_NUM_MDNS_ADVERTISED_SERVICES)) == NULL) {
+ return -1;
+ }
+ }
+
 struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[flow->mdns_metadata.num_services];
 service->rsp_class = rsp_class;
 service->rsp_type = rsp_type;
@@ -625,9 +632,12 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct,
 x += data_len;
 }
- if(proto->master_protocol == NDPI_PROTOCOL_MDNS && name_len > 0 && data != NULL &&
- flow->mdns_metadata.num_services < MAX_NUM_MDNS_ADVERTISED_SERVICES) {
- if(add_to_mdns_metadata(flow, rsp_type, rsp_class, rsp_ttl, data_len, srv_port, data, name_len, name) < 0) {
+ if(proto->master_protocol == NDPI_PROTOCOL_MDNS && data != NULL) {
+ if(name_len <= 0 ||
+ flow->mdns_metadata.num_services >= MAX_NUM_MDNS_ADVERTISED_SERVICES) {
+ /* info was useless or we reached the limit */
+ ndpi_free(data);
+ } else if(add_to_mdns_metadata(flow, rsp_type, rsp_class, rsp_ttl, data_len, srv_port, data, name_len, name) < 0) {
 #ifdef DNS_DEBUG
 printf("[DNS] Out of memory\n");
 #endif
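Review bot: The release of `flow->mdns_metadata.services` is gated on `num_services > 0`, but the array is now allocated lazily in add_to_mdns_metadata (dns.c hunk below) before the entry is appended; if anything after that allocation can fail (the rest of add_to_mdns_metadata is outside its hunk, and the copy it presumably makes of `name`, which arrives as `const char *` plus a length, would be the candidate), the array is left allocated with `num_services == 0` and this block never frees it. Gate on the pointer instead, `if(flow->mdns_metadata.services != NULL) {`, with the inner loop still bounded by `num_services`. A short ownership comment on the allocation in add_to_mdns_metadata, e.g. `/* owned by the flow; released in ndpi_free_flow_data */`, would make the pairing explicit.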
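Review bot: `name_len <= 0` on the new condition line compares an unsigned quantity with zero (add_to_mdns_metadata takes it as `u_int16_t`), so it is just `== 0` and `-Wtype-limits` will flag it; write `if(name_len == 0 ||`. On the `< 0` branch add_to_mdns_metadata now returns before taking ownership of `data` when its lazy `ndpi_malloc` fails, so the code after `#endif` (outside the hunk) must free `data` there or it leaks on every out-of-memory answer; a comment on the `else if` line such as `/* add_to_mdns_metadata owns data only on success */` would pin that contract. process_answers continues on both sides of the hunk.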
From cd7bdd56c2aa2d2b8fa9550ed3891ba8b43fc0cb Mon Sep 17 00:00:00 2001
From: Gianla
Date: Tue, 12 Aug 2025 00:46:57 +0200
Subject: [PATCH 03/16] Duplicates prevention check added to add_to_mdns_metadata
---
 src/lib/protocols/dns.c | 19 +++++++++++++++++++
 .../default/result/anyconnect-vpn.pcap.out | 4 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 4bfed534b43..c2006653f9c 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -334,6 +334,25 @@ static int add_to_mdns_metadata(struct ndpi_flow_struct *flow,
 }
 }
+ /* check for duplicates: we ignore them and free data */
+ for(int i = 0; i < flow->mdns_metadata.num_services; i++) {
+ struct ndpi_mdns_rsp_entry *svc = &flow->mdns_metadata.services[i];
+ size_t dl; /* data len */
+
+ if(svc->rsp_type == rsp_type &&
+ svc->rsp_class == rsp_class &&
+ svc->ttl == ttl &&
+ svc->data_len == data_len &&
+ svc->srv_port == srv_port &&
+ strlen(svc->name) == name_len &&
+ strlen(svc->data) == (dl = strlen(data)) &&
+ memcmp(svc->name, name, name_len) == 0 &&
+ memcmp(svc->data, data, dl) == 0) {
+ if(data) ndpi_free(data);
+ return 0;
+ }
+ }
+
 struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[flow->mdns_metadata.num_services];
 service->rsp_class = rsp_class;
 service->rsp_type = rsp_type;
diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
index 5d7c5e80364..1e7b406f69e 100644
--- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out
+++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
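Review bot: `if(data) ndpi_free(data);` in the match branch guards a pointer that the condition just dereferenced through `strlen(data)` and that the caller in process_answers already requires to be non-NULL, so the check is dead; write `ndpi_free(data);`. The strlen/memcmp pair on `data` can be `strcmp(svc->data, data) == 0`, which also removes the `dl` assignment buried in the condition chain; `name` is passed with an explicit `name_len`, so its memcmp form is the right one. `strlen(svc->name)` and `strlen(svc->data)` assume every stored entry holds non-NULL strings, which depends on how the tail of add_to_mdns_metadata (outside the hunk) handles a failed copy. Because `ttl` is part of the key, a re-announcement of the same record with a different TTL (for example a goodbye with TTL 0) is stored as a second entry and counts against MAX_NUM_MDNS_ADVERTISED_SERVICES; if that is intended, a comment on the `svc->ttl == ttl` line should say so.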
@@ -70,11 +70,11 @@ JA Host Stats: 10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.151 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Acceptable][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][Stack: HTTP][IP: 
0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.149 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] - 13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 2) - rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local; rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS 
advertised services (found 1) - rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][21.75 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340/2605 9634/9670 4130/3611][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 10.0.0.227:56915 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: 
Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][22.76 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 3340/3011 10636/10673 4210/3967][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 2) - rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local; rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 
0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 10.0.0.151:1900 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/1412 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][2.86 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 10.0.0.227:56881 <-> 162.222.43.153:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][Breed: Safe][6 pkts/762 bytes <-> 6 pkts/396 bytes][Goodput ratio: 48/0][0.05 sec][bytes ratio: 0.316 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 82/66 127/66 292/66 75/0][Plen Bins: 50,33,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 10.0.0.227:57547 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][Hostname/SNI: 239.255.255.250][User-Agent: Google Chrome/77.0.3865.90 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] From 921fd41bd593a7338c22db364f53de973462f152 Mon Sep 17 00:00:00 2001 
From: Gianla
Date: Tue, 12 Aug 2025 16:09:18 +0200
Subject: [PATCH 04/16] Corrected bug for mDNS rsp_class and cache flush bit
---
 src/include/ndpi_typedefs.h | 4 ++--
 src/lib/protocols/dns.c | 20 +++++++++++++++----
 .../default/result/anyconnect-vpn.pcap.out | 8 ++++----
 tests/cfgs/default/result/dns.pcap.out | 2 +-
 tests/cfgs/default/result/iphone.pcap.out | 6 +++---
 tests/cfgs/default/result/telegram.pcap.out | 14 ++++++-------
 .../result/tls_certificate_too_long.pcap.out | 6 +++---
 tests/cfgs/default/result/wa_voice.pcap.out | 4 ++--
 .../result/iphone.pcap.out | 6 +++---
 tests/cfgs/dns_sub_enable/result/dns.pcap.out | 2 +-
 .../result/dns.pcap.out | 2 +-
 .../result/dns.pcap.out | 2 +-
 12 files changed, 44 insertions(+), 32 deletions(-)
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 6feab9acfba..00ede483f5f 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -397,7 +397,7 @@ struct ndpi_dhcphdr {
 } PACK_OFF;
 /* +++++++++++++++ MDNS rsp header +++++++++++++++ */
-PACK_ON
+
 struct ndpi_mdns_rsp_entry {
 u_int16_t rsp_type, rsp_class;
 u_int32_t ttl;
@@ -405,7 +405,7 @@ struct ndpi_mdns_rsp_entry {
 char *name; // hostname
 char *data; // metadata
 u_int16_t srv_port;
-} PACK_OFF;
+};
 /* +++++++++++++++++++ LLC header (IEEE 802.2) ++++++++++++++++ */
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index c2006653f9c..a058b0e1c55 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -474,7 +474,18 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct,
 /* x points to the response "class" field */
 if((x+12) <= packet->payload_packet_len) {
 u_int16_t srv_port = 0;
- u_int16_t rsp_class = ntohl(*(u_int16_t *) &packet->payload[x]);
+ u_int16_t raw_rsp_class = ntohs(*(u_int16_t *) &packet->payload[x]);;
+ u_int16_t rsp_class;
+
+ if(proto->master_protocol == NDPI_PROTOCOL_MDNS) {
+#ifdef DNS_DEBUG /* avoid warning "unused variable ‘cache_flush’ [-Wunused-variable]" */
+ u_int8_t cache_flush = (raw_rsp_class & 0x8000) != 0;
+#endif
+ rsp_class = raw_rsp_class & 0x7FFF;
+ } else {
+ rsp_class = raw_rsp_class;
+ }
+
 u_int32_t ttl = ntohl(*((u_int32_t*)&packet->payload[x+2]));
 x += 6;
@@ -629,8 +640,8 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct,
 char target[255];
 u_int target_len = 0;
- if((ndpi_grab_dns_name(packet, &x_orig, target, sizeof(target),
- &target_len, ignore_checks)) == 0) {
+ if(ndpi_grab_dns_name(packet, &x_orig, target, sizeof(target),
+ &target_len, ignore_checks) == 0) {
 /* todo: maybe set_risk here, malformed name */
 continue;
 }
@@ -656,7 +667,8 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct,
 flow->mdns_metadata.num_services >= MAX_NUM_MDNS_ADVERTISED_SERVICES) {
 /* info was useless or we reached the limit */
 ndpi_free(data);
- } else if(add_to_mdns_metadata(flow, rsp_type, rsp_class, rsp_ttl, data_len, srv_port, data, name_len, name) < 0) {
+ } else if(add_to_mdns_metadata(flow, rsp_type, rsp_class, rsp_ttl,
+ data_len,srv_port, data, name_len, name) < 0) {
 #ifdef DNS_DEBUG
 printf("[DNS] Out of memory\n");
 #endif
diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
index 1e7b406f69e..aae6be86cb2 100644
--- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out
+++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
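Review bot: `cache_flush` is assigned under `#ifdef DNS_DEBUG` but never read, even in debug builds, so the `#ifdef` does not avoid the unused-variable warning its comment mentions and the bit the commit title says it handles is simply discarded; either print it alongside the other DNS_DEBUG output or drop those three lines and keep `rsp_class = raw_rsp_class & 0x7FFF;` with a comment such as `/* mDNS: the top bit of the class field is the cache-flush flag (RFC 6762 §10.2), not part of the class */`. The `raw_rsp_class` line ends with `;;`. The `*(u_int16_t *) &packet->payload[x]` read is an unaligned, aliasing-unsafe access carried over from the removed line; copying the two bytes into a local with `memcpy` before `ntohs` would be cleaner, though that is pre-existing. In the last hunk of this file, `data_len,srv_port` is missing the space after the comma.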
@@ -70,21 +70,21 @@ JA Host Stats: 10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.151 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Acceptable][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][Stack: HTTP][IP: 
0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.149 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] - 13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx 
(9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][21.75 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340/2605 9634/9670 4130/3611][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 10.0.0.227:56915 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][22.76 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 
3340/3011 10636/10673 4210/3967][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 10.0.0.151:1900 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/1412 bytes -> 0 
pkts/0 bytes][Goodput ratio: 88/0][2.86 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 10.0.0.227:56881 <-> 162.222.43.153:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][Breed: Safe][6 pkts/762 bytes <-> 6 pkts/396 bytes][Goodput ratio: 48/0][0.05 sec][bytes ratio: 0.316 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 82/66 127/66 292/66 75/0][Plen Bins: 50,33,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 10.0.0.227:57547 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][Hostname/SNI: 239.255.255.250][User-Agent: Google Chrome/77.0.3865.90 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 UDP 10.0.0.149:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 120s rdatalength: 39 rsp_type: PTR data: _googlezone._tcp.local advertised 79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][4 pkts/655 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.00 sec][Hostname/SNI: _googlezone._tcp.local][_googlezone._tcp.local][PLAIN TEXT (googlezone)][Plen Bins: 0,25,25,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 10.0.0.149:5353 -> 224.0.0.251:5353 [proto: 
8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 120s rdatalength: 39 rsp_type: PTR data: _googlezone._tcp.local advertised 79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][4 pkts/655 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.00 sec][Hostname/SNI: _googlezone._tcp.local][_googlezone._tcp.local][PLAIN TEXT (googlezone)][Plen Bins: 0,25,25,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 10.0.0.149:38616 -> 10.0.0.227:61328 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 10.0.0.149:48166 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 10.0.0.149:49816 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 10.0.0.149:50081 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 10.0.0.149:51382 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][12.10 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 4500s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx 
(9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][12.10 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 10.0.0.227:56879 <-> 52.10.115.210:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][4 pkts/342 bytes <-> 2 pkts/202 bytes][Goodput ratio: 23/34][0.61 sec][bytes ratio: 0.257 (Upload)][IAT c2s/s2c min/avg/max/stddev: 33/574 203/574 541/574 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/101 86/101 105/101 20/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Hostname/SNI: 1-courier.sandbox.push.apple.com][17.188.138.71][DNS Id: 0x1090][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/dns.pcap.out b/tests/cfgs/default/result/dns.pcap.out index f0854a74d61..d55f42e7b87 100644 --- a/tests/cfgs/default/result/dns.pcap.out +++ b/tests/cfgs/default/result/dns.pcap.out 
@@ -29,6 +29,6 @@ Acceptable 17 3553 4 Network 17 3553 4 1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Acceptable][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][45.9.60.30][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] - 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 0 ttl: 120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 
[fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 1 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 1 ttl: 120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: 
www.example.com][0.0.0.0][DNS Id: 0xbc1f][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out
index a6da80a2604..03370c6a469 100644
--- a/tests/cfgs/default/result/iphone.pcap.out
+++ b/tests/cfgs/default/result/iphone.pcap.out
@@ -71,9 +71,9 @@ JA Host Stats: 13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] 14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][Hostname/SNI: gsa.apple.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h1_2802a3db6c62_845d286b0d67][ServerNames: 
gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 15 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/2394 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.15 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1022/0 7191/0 8962/0 2834/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (iPhone)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s 
rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2094 bytes -> 0 pkts/0 
bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][3 pkts/2067 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 1 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s 
imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 1 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 1 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, 
osxvers=17; rsp_class: 1 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2094 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 1 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 1 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR 
data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][3 pkts/2067 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 192.168.2.17:49152 <-> 17.253.105.202:80 [proto: 7.140/HTTP.Apple][Stack: HTTP.Apple][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][5 pkts/473 bytes <-> 4 pkts/968 bytes][Goodput ratio: 28/72][0.33 sec][Hostname/SNI: captive.apple.com][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 82/80 171/158 82/78][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/242 197/762 51/300][URL: captive.apple.com/hotspot-detect.html][StatusCode: 200][Content-Type: text/html][Server: ATS/8.0.6][User-Agent: CaptiveNetworkSupport-390.60.1 wispr][TCP Fingerprint: 194_64_65535_d29295416479/macOS][PLAIN TEXT (GET /hotspot)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][2 pkts/1104 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.2.1:67 -> 192.168.2.17:68 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk 
Info: No server to client traffic][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out
index 13346f2b63a..55357b167b6 100644
--- a/tests/cfgs/default/result/telegram.pcap.out
+++ b/tests/cfgs/default/result/telegram.pcap.out
@@ -48,27 +48,27 @@ Music 9 742 2 1 UDP 192.168.1.77:28150 <-> 91.108.8.1:533 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][12 pkts/1272 bytes <-> 276 pkts/68136 bytes][Goodput ratio: 60/83][16.92 sec][bytes ratio: -0.963 (Download)][IAT c2s/s2c min/avg/max/stddev: 48/0 290/61 504/476 186/43][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/247 138/330 24/41][Plen Bins: 0,2,4,3,0,19,37,21,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.77:28150 <-> 91.108.8.8:529 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][285 pkts/65890 bytes <-> 13 pkts/1522 bytes][Goodput ratio: 82/64][16.92 sec][bytes ratio: 0.955 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/27 59/210 504/472 30/201][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 231/117 314/138 44/16][Plen Bins: 0,2,4,3,8,28,14,37,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP [fe80::4ba:91a:7817:e318]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 0s rdatalength: 31 rsp_type: PTR data: _dacp._tcp.local advertised itunes_ctrl_4abb39a41eefdeb3._dacp._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][120 pkts/27243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17386/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 162/0 227/0 489/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP [fe80::4ba:91a:7817:e318]:5353 -> [ff02::fb]:5353 [proto: 
8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 0s rdatalength: 31 rsp_type: PTR data: _dacp._tcp.local advertised itunes_ctrl_4abb39a41eefdeb3._dacp._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][120 pkts/27243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17386/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 162/0 227/0 489/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.1.77:23174 <-> 91.108.8.7:521 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][57 pkts/12266 bytes <-> 66 pkts/14180 bytes][Goodput ratio: 80/80][4.58 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 78/65 500/308 73/53][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 215/215 282/298 59/49][Plen Bins: 0,4,6,8,0,27,38,14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 192.168.1.75:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 0s rdatalength: 31 rsp_type: PTR data: _dacp._tcp.local advertised itunes_ctrl_4abb39a41eefdeb3._dacp._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][120 pkts/24843 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17387/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 207/0 469/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 
0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.1.75:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 0s rdatalength: 31 rsp_type: PTR data: _dacp._tcp.local advertised itunes_ctrl_4abb39a41eefdeb3._dacp._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][120 pkts/24843 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17387/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 207/0 469/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][12 pkts/3852 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][54.99 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4886/0 4987/0 5017/0 36/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.1.77:5353 -> 192.168.1.75:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][9 pkts/2880 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][56.23 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][bytes 
ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3480/0 7028/0 31577/0 9279/0][Pkt Len c2s/s2c min/avg/max/stddev: 320/0 320/0 320/0 0/0][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.1.77:5353 -> 192.168.1.75:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][9 pkts/2880 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][56.23 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3480/0 7028/0 31577/0 9279/0][Pkt Len c2s/s2c min/avg/max/stddev: 320/0 320/0 320/0 0/0][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.1.77:50822 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Hostname/SNI: www.google.com][QUIC ver: Q046][Idle Timeout: 30][PLAIN TEXT (www.google.com)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] 9 UDP 192.168.1.77:61974 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Hostname/SNI: www.google.com][QUIC ver: Q046][Idle Timeout: 30][PLAIN TEXT (www.google.com)][Plen Bins: 
33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] 10 UDP 192.168.1.77:28150 <-> 91.108.16.3:537 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][13 pkts/1410 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 61/64][14.14 sec][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/27 368/1416 1577/10001 452/3058][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 108/115 138/138 25/15][Plen Bins: 0,24,48,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.1.77:28150 <-> 91.108.12.3:530 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.12 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/17 407/439 1556/1278 452/379][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15][Plen Bins: 0,25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.1.77:28150 <-> 91.108.12.5:537 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.10 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/31 405/436 1542/1278 447/377][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15][Plen Bins: 0,25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.1.77:28150 <-> 91.108.16.1:529 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: 
Acceptable][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.14 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/24 410/438 1583/1240 460/372][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15][Plen Bins: 0,25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 192.168.1.69:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 120s rdatalength: 47 rsp_type: PTR data: _spotify-connect._tcp.local advertised sonos7828ca05facc._spotify-connect._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/2471 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][58.39 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1460/0 9731/0 48909/0 17522/0][Pkt Len c2s/s2c min/avg/max/stddev: 353/0 353/0 353/0 0/0][PLAIN TEXT (spotify)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.1.69:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 120s rdatalength: 47 rsp_type: PTR data: _spotify-connect._tcp.local advertised sonos7828ca05facc._spotify-connect._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/2471 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][58.39 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1460/0 9731/0 48909/0 17522/0][Pkt Len c2s/s2c min/avg/max/stddev: 353/0 353/0 353/0 0/0][PLAIN TEXT (spotify)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.77:23174 
<-> 91.108.12.1:536 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][10 pkts/1044 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 60/64][2.91 sec][bytes ratio: -0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/22 310/271 949/491 255/132][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 104/118 138/138 26/17][Plen Bins: 0,28,38,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.1.77:23174 <-> 91.108.12.5:523 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][9 pkts/906 bytes <-> 12 pkts/1432 bytes][Goodput ratio: 58/65][2.89 sec][bytes ratio: -0.225 (Download)][IAT c2s/s2c min/avg/max/stddev: 133/38 355/239 930/492 265/124][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/119 138/138 24/17][Plen Bins: 0,28,38,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.1.77:23174 <-> 91.108.8.8:538 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][9 pkts/906 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 58/64][2.71 sec][bytes ratio: -0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 135/42 358/279 839/492 229/118][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/118 138/138 24/17][Plen Bins: 0,30,40,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.1.77:23174 <-> 91.108.16.1:527 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][9 pkts/906 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 58/64][3.00 sec][bytes ratio: -0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 
135/38 358/295 984/509 285/138][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/118 138/138 24/17][Plen Bins: 0,30,40,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 192.168.1.77:23174 <-> 91.108.16.4:538 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][9 pkts/906 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 58/64][2.97 sec][bytes ratio: -0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 135/36 358/294 969/496 279/136][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/118 138/138 24/17][Plen Bins: 0,30,40,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP 192.168.1.53:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 14 rsp_type: PTR data: _companion-link._tcp.local advertised luca's ipad._companion-link._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4497s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4488s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][18 pkts/2072 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][58.39 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 434/0 3583/0 15377/0 4331/0][Pkt Len c2s/s2c min/avg/max/stddev: 87/0 115/0 238/0 39/0][PLAIN TEXT (spotify)][Plen 
Bins: 0,73,0,16,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 192.168.1.53:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 1 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 14 rsp_type: PTR data: _companion-link._tcp.local advertised luca's ipad._companion-link._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 1 ttl: 4497s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 1 ttl: 4488s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][18 pkts/2072 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][58.39 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 434/0 3583/0 15377/0 4331/0][Pkt Len c2s/s2c min/avg/max/stddev: 87/0 115/0 238/0 39/0][PLAIN TEXT (spotify)][Plen Bins: 0,73,0,16,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.1.77:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][2 pkts/1012 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][31.08 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.1.77:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 
121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][2 pkts/1012 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][31.08 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP [fe80::18a0:a412:8935:c01b]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 6) - rsp_class: 0 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 14 rsp_type: PTR data: _companion-link._tcp.local advertised luca's ipad._companion-link._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4497s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4488s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 0 ttl: 4461s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/945 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][40.09 sec][Hostname/SNI: _sleep-proxy._udp.local][_sleep-proxy._udp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,0,60,20,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP [fe80::18a0:a412:8935:c01b]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 6) - rsp_class: 1 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 14 rsp_type: PTR data: _companion-link._tcp.local advertised 
luca's ipad._companion-link._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 1 ttl: 4497s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 1 ttl: 4488s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local; rsp_class: 1 ttl: 4461s rdatalength: 18 rsp_type: PTR data: _sleep-proxy._udp.local advertised 50-35-10-70.1 1._sleep-proxy._udp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/945 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][40.09 sec][Hostname/SNI: _sleep-proxy._udp.local][_sleep-proxy._udp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,0,60,20,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.77:52127 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][Hostname/SNI: 239.255.255.250][User-Agent: Google Chrome/83.0.4103.34 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.53:56384 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/672 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.01 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.1.53:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][Stack: Spotify][IP: 
0/Unknown][Encrypted][Confidence: DPI][FPC: 156/Spotify, Confidence: DPI][DPI packets: 1][cat: Music/25][Breed: Fun][8 pkts/656 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][40.88 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1749/0 5840/0 21180/0 6407/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (fSpotUdp0)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -76,7 +76,7 @@ Music 9 742 2 28 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/397 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (6.10.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 192.168.1.53:50698 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][2 pkts/336 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][2.00 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 192.168.1.53:54306 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][2 pkts/336 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][2.00 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 UDP 192.168.1.77:5353 -> 192.168.1.53:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 UDP 192.168.1.77:5353 -> 192.168.1.53:5353 [proto: 
8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP 192.168.1.77:54595 <-> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][8.49 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][DNS Id: 0x6a44][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 192.168.1.77:52118 <-> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/75 bytes <-> 1 pkts/209 bytes][Goodput ratio: 43/80][0.01 sec][Hostname/SNI: in.appcenter.ms][20.44.78.251][DNS Id: 0xd285][PLAIN TEXT (appcenter)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 192.168.1.77:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)][Plen Bins: 
0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out
index eb52f7593a0..a9a7386c2d6 100644
--- a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out
+++ b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out
@@ -63,16 +63,16 @@ JA Host Stats: 12 TCP 192.168.1.121:53912 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][Breed: Safe][6 pkts/619 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 34/85][0.05 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 21/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/456 277/1502 78/558][URL: www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pki/certs/MicRooCerAut)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] 13 UDP 192.168.1.121:52251 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][8 pkts/767 bytes <-> 8 pkts/1085 bytes][Goodput ratio: 56/69][1.01 sec][Hostname/SNI: 60.21.149.52.in-addr.arpa][0.0.0.0][DNS Id: 0xaa4b][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 165/2 988/5 368/2][Pkt Len c2s/s2c min/avg/max/stddev: 80/86 96/136 132/196 21/42][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (msnhst)][Plen Bins: 0,57,18,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.121:51998 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][3 pkts/255 bytes <-> 3 pkts/449 bytes][Goodput ratio: 50/72][1.02 
sec][Hostname/SNI: 235.33.22.2.in-addr.arpa][0.0.0.0][DNS Id: 0xa2d1][DNS Ptr: a2-22-33-235.deploy.static.akamaitechnologies.com][bytes ratio: -0.276 (Download)][IAT c2s/s2c min/avg/max/stddev: 999/996 500/498 999/996 500/498][Pkt Len c2s/s2c min/avg/max/stddev: 84/131 85/150 86/171 1/16][PLAIN TEXT (deploy)][Plen Bins: 0,51,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP 192.168.1.121:5353 -> 192.168.1.139:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 8 rsp_type: PTR data: _companion-link._tcp.local advertised mbpro._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 192.168.1.121:5353 -> 192.168.1.139:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 4500s rdatalength: 8 rsp_type: PTR data: _companion-link._tcp.local advertised mbpro._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.1.121:51364 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/77 bytes <-> 1 pkts/289 bytes][Goodput ratio: 45/85][0.01 sec][Hostname/SNI: 
www.microsoft.com][0.0.0.0][DNS Id: 0xc9c5][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 130.211.33.145:443 <-> 192.168.1.121:53432 [proto: 91/TLS][Stack: TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][2 pkts/163 bytes <-> 2 pkts/167 bytes][Goodput ratio: 19/21][0.01 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.1.121:55567 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/78 bytes <-> 1 pkts/250 bytes][Goodput ratio: 46/83][0.07 sec][Hostname/SNI: wdcp.microsoft.com][0.0.0.0][DNS Id: 0x5de5][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 192.168.1.121:58161 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/77 bytes <-> 1 pkts/244 bytes][Goodput ratio: 45/82][0.03 sec][Hostname/SNI: www.microsoft.com][2.22.33.235][DNS Id: 0x0b2f][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 UDP [fe80::1059:a858:f9e7:cf94]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 8 rsp_type: PTR data: _companion-link._tcp.local advertised mbpro._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][2 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN 
TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP [fe80::1059:a858:f9e7:cf94]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 4500s rdatalength: 8 rsp_type: PTR data: _companion-link._tcp.local advertised mbpro._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][2 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.1.121:65492 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/115 bytes <-> 1 pkts/191 bytes][Goodput ratio: 63/78][0.07 sec][Hostname/SNI: wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com][0.0.0.0][DNS Id: 0x564d][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 192.168.1.121:53905 <-> 140.82.113.26:443 [proto: 91/TLS][Stack: TLS][IP: 203/Github][Encrypted][Confidence: DPI][FPC: 203/Github, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][2 pkts/120 bytes <-> 2 pkts/163 bytes][Goodput ratio: 0/19][0.11 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.168.1.121:53884 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 46/79][0.02 sec][Hostname/SNI: wdcp.microsoft.com][40.113.10.47][DNS Id: 0xc30d][PLAIN 
TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 192.168.1.139:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 4500s rdatalength: 8 rsp_type: PTR data: _companion-link._tcp.local advertised mbpro._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][2 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 192.168.1.139:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 4500s rdatalength: 8 rsp_type: PTR data: _companion-link._tcp.local advertised mbpro._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][2 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][1.02 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.121:65213 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/80 bytes <-> 1 pkts/193 bytes][Goodput ratio: 47/78][0.01 sec][Hostname/SNI: time-macos.apple.com][17.253.54.251][DNS Id: 0x4e70][PLAIN TEXT (aaplimg)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.1.121:55578 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, 
Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/86 bytes <-> 1 pkts/150 bytes][Goodput ratio: 51/72][0.01 sec][Hostname/SNI: e13678.dscb.akamaiedge.net][0.0.0.0][DNS Id: 0x5d93][PLAIN TEXT (akamaiedge)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 192.168.1.121:54561 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/86 bytes <-> 1 pkts/102 bytes][Goodput ratio: 51/58][0.03 sec][Hostname/SNI: e13678.dscb.akamaiedge.net][2.22.33.235][DNS Id: 0x406f][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/wa_voice.pcap.out b/tests/cfgs/default/result/wa_voice.pcap.out index bdf285d105b..fd15b2b7f03 100644 --- a/tests/cfgs/default/result/wa_voice.pcap.out +++ b/tests/cfgs/default/result/wa_voice.pcap.out 
@@ -72,8 +72,8 @@ JA Host Stats: 12 UDP 192.168.2.12:56328 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][Stack: STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6149 22207/12298 9311/6149][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.2.12:56328 <-> 185.60.216.51:3478 [proto: 78.45/STUN.WhatsAppCall][Stack: STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 8626/6151 22207/12301 9311/6150][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.2.12:64716 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/671 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][9.04 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP [fe80::414:409d:8afd:9f05]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 3477s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s 
imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 192.168.2.12:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 0 ttl: 3477s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/544 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP [fe80::414:409d:8afd:9f05]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 3477s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.2.12:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 3477s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: 
DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/544 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 17.171.47.85:443 <-> 192.168.2.12:50502 [proto: 91/TLS][Stack: TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][4 pkts/271 bytes <-> 4 pkts/271 bytes][Goodput ratio: 11/11][0.28 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 94/0 278/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/68 97/97 18/18][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 ICMP 192.168.2.12:0 -> 91.252.56.51:0 [proto: 81/ICMP][Stack: ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.92 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 192.168.2.12:55296 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.03 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][31.13.86.51][DNS Id: 0x3369][PLAIN TEXT (whatsapp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_use_client_port/result/iphone.pcap.out b/tests/cfgs/disable_use_client_port/result/iphone.pcap.out index 987c2bd273b..35350cf48f4 100644 --- a/tests/cfgs/disable_use_client_port/result/iphone.pcap.out 
+++ b/tests/cfgs/disable_use_client_port/result/iphone.pcap.out 
@@ -71,9 +71,9 @@ JA Host Stats: 13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] 14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][Hostname/SNI: gsa.apple.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h1_2802a3db6c62_845d286b0d67][ServerNames: 
gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 15 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/2394 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.15 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1022/0 7191/0 8962/0 2834/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (iPhone)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s 
rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2094 bytes -> 0 pkts/0 
bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 0 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 0 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][3 pkts/2067 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 1 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s 
imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 1 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 1 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, 
osxvers=17; rsp_class: 1 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/2094 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 8) - rsp_class: 1 ttl: 4500s rdatalength: 52 rsp_type: TXT data: luca’s imac._odisk._tcp.local additional info sys=waMA=C4:2C:03:06:49:FE,adVF=0x4,adDT=0x3,adCC=0; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _odisk._tcp.local advertised luca’s imac._odisk._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 26 rsp_type: TXT data: luca’s imac._device-info._tcp.local additional info model=iMac11,3, osxvers=17; rsp_class: 1 ttl: 4500s rdatalength: 51 rsp_type: TXT data: _kerberos.lucas-imac.local additional info LKDC:SHA1.492480C3EA8282771A0D288F111EF9E751F95A63; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: luca’s imac._smb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _smb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR 
data: _smb._tcp.local advertised luca’s imac._smb._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][3 pkts/2067 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 192.168.2.17:49152 <-> 17.253.105.202:80 [proto: 7.140/HTTP.Apple][Stack: HTTP.Apple][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][5 pkts/473 bytes <-> 4 pkts/968 bytes][Goodput ratio: 28/72][0.33 sec][Hostname/SNI: captive.apple.com][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 82/80 171/158 82/78][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/242 197/762 51/300][URL: captive.apple.com/hotspot-detect.html][StatusCode: 200][Content-Type: text/html][Server: ATS/8.0.6][User-Agent: CaptiveNetworkSupport-390.60.1 wispr][TCP Fingerprint: 194_64_65535_d29295416479/macOS][PLAIN TEXT (GET /hotspot)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][2 pkts/1104 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.2.1:67 -> 192.168.2.17:68 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk 
Info: No server to client traffic][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/dns_sub_enable/result/dns.pcap.out b/tests/cfgs/dns_sub_enable/result/dns.pcap.out
index d9c5506e1ef..5b71eb0d7ec 100644
--- a/tests/cfgs/dns_sub_enable/result/dns.pcap.out
+++ b/tests/cfgs/dns_sub_enable/result/dns.pcap.out
@@ -31,6 +31,6 @@ Acceptable 17 3553 4 Network 17 3553 4 1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Acceptable][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][45.9.60.30][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] - 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 0 ttl: 120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 
[fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 1 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 1 ttl: 120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5.142/DNS.WhatsApp][Stack: DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.142/DNS.WhatsApp, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5.126/DNS.Google][Stack: DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput 
ratio: 44/43][41.07 sec][Hostname/SNI: www.example.com][0.0.0.0][DNS Id: 0xbc1f][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out b/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out
index 88121b7cb64..fc32a088d58 100644
--- a/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out
+++ b/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out
@@ -29,6 +29,6 @@ Acceptable 17 3553 4 Network 17 3553 4 1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Network/14][Breed: Acceptable][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][0.0.0.0][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] - 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 0 ttl: 120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 
[fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 1 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 1 ttl: 120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][0.0.0.0][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.l.google.com][0.0.0.0][DNS 
Id: 0xdca2][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/subclassification_disable/result/dns.pcap.out b/tests/cfgs/subclassification_disable/result/dns.pcap.out
index f0854a74d61..d55f42e7b87 100644
--- a/tests/cfgs/subclassification_disable/result/dns.pcap.out
+++ b/tests/cfgs/subclassification_disable/result/dns.pcap.out
@@ -29,6 +29,6 @@ Acceptable 17 3553 4 Network 17 3553 4 1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Acceptable][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][45.9.60.30][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] - 2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 0 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 0 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 0 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 0 ttl: 120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 
[fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 5) - rsp_class: 1 ttl: 120s rdatalength: 15 rsp_type: PTR data: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa advertised android.local; rsp_class: 1 ttl: 4500s rdatalength: 1 rsp_type: TXT data: adb-unidentified._adb._tcp.local additional info ; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _services._dns-sd._udp.local advertised _adb._tcp.local; rsp_class: 1 ttl: 4500s rdatalength: 2 rsp_type: PTR data: _adb._tcp.local advertised adb-unidentified._adb._tcp.local; rsp_class: 1 ttl: 120s rdatalength: 8 rsp_type: SRV data: adb-unidentified._adb._tcp.local is on port 5555][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: 
www.example.com][0.0.0.0][DNS Id: 0xbc1f][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
From b0538f2605ce55ac55c20a46f212f660b6aec2c2 Mon Sep 17 00:00:00 2001
From: Gianla
Date: Wed, 13 Aug 2025 01:06:34 +0200
Subject: [PATCH 05/16] Fixed fuzz-2006-06-26-2594.pcap.out unit test
---
 .../result/fuzz-2006-06-26-2594.pcap.out | 33 +++++--------------
 1 file changed, 8 insertions(+), 25 deletions(-)
diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
index 60772a1fc99..5bc1f7f2b74 100644
--- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@@ -59,7 +59,7 @@ System 109 10824 29 9 UDP 192.168.1.41:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][Stack: NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Dangerous][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][8.51 sec][Hostname/SNI: lab111][PLAIN TEXT ( EMEBECDBDBDBCACACACACACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.1.41:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][7 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][13.52 sec][Hostname/SNI: workgroup][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 751/0 2253/0 4255/0 1348/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 212.242.33.35:5060 -> 192.37.115.0:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP From: ;tag=3a2d0dc][SIP To: ;tag=00-94%s][PLAIN TEXT (SIP/2.0 401 Unauthorized)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.1.2:20932 -> 212.242.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP 
From: ;tag=6d540a5][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.1.2:20932 -> 212.242.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP From: ;tag=6d540a5][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.1.52:5060 -> 212.242.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP From: ;tag=903df0a][SIP To: 212.234.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/506 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP 
From: ;tag=87971a][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.2:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][Stack: NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Dangerous][2 pkts/486 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][718.24 sec][Hostname/SNI: d002465][PLAIN TEXT ( EEDADADCDEDGDFC)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -69,30 +69,13 @@ System 109 10824 29 19 UDP 192.168.1.2:2806 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.qk][0.0.0.0][DNS Id: 0x821b][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (bercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.1.2:2825 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x5d0d][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.86.1.2:5060 -> 200.68.120.99:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.584 (Executable?)][PLAIN TEXT (CANCEL qip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 192.168.1.2:4292 -> 200.68.37.115:5060 [proto: 100/SIP][Stack: SIP][IP: 
0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.1.2:4292 -> 200.68.37.115:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.169.1.2:5060 -> 200.68.120.81:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 192.168.1.2:4901 -> 200.68.120.81:29440 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/389 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][SIP 
From: "arik" ;tag=6433ef9][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 5060-5061][PLAIN TEXT (ACK sip)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 192.168.1.2:5060 -> 212.242.33.201:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/366 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP From: "arik" ;tag=8e948b0][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (SIP/2.0 100 Trying)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 192.168.1.2:4901 -> 200.68.120.81:29440 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/389 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 5060-5061][PLAIN TEXT (ACK sip)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 192.168.1.2:5060 -> 212.242.33.201:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/366 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP 
From: "arik" 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][3 pkts/228 bytes <-> 1 pkts/128 bytes][Goodput ratio: 45/67][4.36 sec][Hostname/SNI: sip.cybercity.dk][212.242.33.35][DNS Id: 0xe2ef][PLAIN TEXT (cybercity)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 192.168.1.2:2830 <-> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][3 pkts/228 bytes <-> 1 pkts/128 bytes][Goodput ratio: 45/67][4.37 sec][Hostname/SNI: sip.cybercity.dk][212.242.33.35][DNS Id: 0x4d35][PLAIN TEXT (cybercity)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 208.242.33.35:5060 -> 192.168.1.2:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP 
From: ;tag=8e948b0][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (SIP/2.0 100 Trying)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 192.168.1.2:2734 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x7dda][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 192.168.1.2:2740 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x2cdf][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Header][PLAIN TEXT (cyberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.1.2:2742 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0xb3c0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 
0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -260,7 +243,7 @@ System 109 10824 29 193 UDP 192.168.1.2:2822 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.1?7.in-addr.arpa][0.0.0.0][DNS Id: 0x0c08][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 194 UDP 192.168.1.2:2828 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x3c32][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 195 UDP 192.168.1.18:2751 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][0.0.0.0][DNS Id: 0x1aca][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 196 UDP 192.168.1.57:2771 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 
1.0.0.][0.0.0.0][DNS Id: 0xfde0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 196 UDP 192.168.1.57:2771 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.][0.0.0.0][DNS Id: 0xfde0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 197 UDP 192.168.1.110:2765 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x68fd][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 198 UDP 192.168.33.2:2782 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][0.0.0.0][DNS Id: 0x4fe4][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 199 UDP 200.168.1.2:2735 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: 
Acceptable][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-adds.arpa][0.0.0.0][DNS Id: 0xf3db][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] From ef75ec2f2a0f0e4843b1ae95a6aa6c264698ed79 Mon Sep 17 00:00:00 2001 From: Gianla Date: Sun, 17 Aug 2025 12:25:13 +0200 Subject: [PATCH 06/16] Included ndpi_define.h --- src/lib/protocols/dns.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index a058b0e1c55..f0c31d491df 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -20,6 +20,7 @@ * along with nDPI. If not, see . * */ +#include "ndpi_define.h" #include "ndpi_protocol_ids.h" From 806ce0b227de66769ebb329a9c1799a3b48b4f92 Mon Sep 17 00:00:00 2001 From: Gianla Date: Sun, 17 Aug 2025 13:06:01 +0200 Subject: [PATCH 07/16] Restyled dns.c: no continues, no early returns --- src/lib/protocols/dns.c | 132 ++++++++++++++++++++-------------------- 1 file changed, 65 insertions(+), 67 deletions(-) diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index f0c31d491df..08411cd4ec6 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -516,14 +516,14 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, x = orig_x; found = 1; if(proto->master_protocol == NDPI_PROTOCOL_MDNS && len > 0) { - if((data = ndpi_malloc(len + 1)) == NULL) { + if((data = ndpi_malloc(len + 1)) != NULL) { + memcpy(data, flow->protos.dns.ptr_domain_name, len); + data[len] = '\0'; + } else { #ifdef DNS_DEBUG printf("[DNS] Out of memory\n"); #endif - return -1; /* todo: either continue or fail */ } - memcpy(data, flow->protos.dns.ptr_domain_name, len); - data[len] = '\0'; } } } 
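Review bot: Dropping the `return -1` on allocation failure leaves `data` NULL while `found` has already been set to 1 on the context line just above the allocation, so an mDNS answer is now recorded as found with nothing attached to it; whether the code after this hunk tolerates a NULL `data` for a found answer is outside the hunk and should be confirmed before the early return goes. If the intent is to skip the answer on OOM rather than fail the whole parse, the else branch should say so explicitly, e.g. `found = 0; /* answer skipped: no memory for its data */` next to the debug print, provided `found` does not also gate the PTR-name bookkeeping earlier in the function. process_answers continues outside the hunk.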
@@ -580,49 +580,49 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, /* We alloc more space than needed since we need space for separators. * Also notice TXT fields don't use name compression, so we base our size * on data_len. */ - if((data = ndpi_malloc(data_len + (sep_len * data_len) + 1)) == NULL) { -#ifdef DNS_DEBUG - printf("[DNS] Out of memory\n"); -#endif - return -1; /* todo: maybe this is not the correct behavior */ - } - u_int x_orig = x; - data[0] = 0; /* it surely exists due to its size being minimum 1 (if data_len = 0) */ - int is_invalid = 1; - - size_t bytes_read = 0; - size_t data_offset = 0; - - while(bytes_read < data_len) { - u_int8_t txt_subfield_len = packet->payload[x_orig++]; - bytes_read++; - - is_invalid = txt_subfield_len + bytes_read > data_len || - txt_subfield_len > packet->payload_packet_len - x_orig; - if(is_invalid) { - ndpi_free(data); - /* todo: this is a malformed DNS packet, maybe set_risk here */ - break; - } - if(txt_subfield_len == 0) { - /* todo: maybe "txt subfield with zero len" can be a minor issue risk */ - continue; /* nothing to do for an empty string */ - } + if((data = ndpi_malloc(data_len + (sep_len * data_len) + 1)) != NULL) { + u_int x_orig = x; + data[0] = 0; /* it surely exists due to its size being minimum 1 (if data_len = 0) */ + int is_invalid = 1; + + size_t bytes_read = 0; + size_t data_offset = 0; + + while(bytes_read < data_len) { + u_int8_t txt_subfield_len = packet->payload[x_orig++]; + bytes_read++; + + is_invalid = txt_subfield_len + bytes_read > data_len || + txt_subfield_len > packet->payload_packet_len - x_orig; + if(is_invalid) { + ndpi_free(data); + /* todo: this is a malformed DNS packet, maybe set_risk here */ + break; + } + if(txt_subfield_len == 0) { + /* todo: maybe "txt subfield with zero len" can be a minor issue risk */ + continue; /* nothing to do for an empty string */ + } - memcpy(data + data_offset, &packet->payload[x_orig], txt_subfield_len); - 
data_offset += txt_subfield_len; - memcpy(data + data_offset, sep, sep_len); - data_offset += sep_len; + memcpy(data + data_offset, &packet->payload[x_orig], txt_subfield_len); + data_offset += txt_subfield_len; + memcpy(data + data_offset, sep, sep_len); + data_offset += sep_len; - x_orig += txt_subfield_len; - bytes_read += txt_subfield_len; - } - if(!is_invalid) { /* check needed because *data might point to deallocated memory */ - if(data_offset >= sep_len) { /* if the while cycle didn't do any iteration, data_offset is 0 */ - data[data_offset - sep_len] = 0; /* - sep_len removes the last separator */ - } else { - data[data_offset] = 0; + x_orig += txt_subfield_len; + bytes_read += txt_subfield_len; + } + if(!is_invalid) { /* check needed because *data might point to deallocated memory */ + if(data_offset >= sep_len) { /* if the while cycle didn't do any iteration, data_offset is 0 */ + data[data_offset - sep_len] = 0; /* - sep_len removes the last separator */ + } else { + data[data_offset] = 0; + } } + } else { +#ifdef DNS_DEBUG + printf("[DNS] Out of memory\n"); +#endif } } } else if(rsp_type == 0x21 /* SRV */) { 
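Review bot: After `ndpi_free(data); break;` in the invalid-subfield branch, `data` still holds the freed address; the `if(!is_invalid)` guard protects only the terminator write inside this hunk, and any later code that tests `data != NULL` to decide whether to keep the TXT record would store or free a dangling pointer (the comment "*data might point to deallocated memory" acknowledges this). Set the pointer to null at the point of release, `ndpi_free(data); data = NULL; break;`, so the malformed case is indistinguishable from the OOM case that the surrounding code already handles as "no data". Separately, the length byte is read at `packet->payload[x_orig++]` before the bounds check that follows it; unless the caller has already verified that `data_len` bytes from `x` lie within `payload_packet_len`, a truncated packet makes that read run past the payload, so a check `x_orig < packet->payload_packet_len` belongs before the read rather than after it. process_answers continues outside the hunk.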
@@ -632,31 +632,30 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, srv_port = ntohs(*(u_int16_t*)&packet->payload[x_orig]); x_orig += 2; /* skip port */ - if(srv_port == 0) { - /* todo: this is malformed since ports can't be zero, maybe set_risk here */ - continue; - } - /* Target might use compression, and we can't determine its length a priori, - * so unfortunately we need to first find it and then copy it */ - char target[255]; - u_int target_len = 0; - - if(ndpi_grab_dns_name(packet, &x_orig, target, sizeof(target), - &target_len, ignore_checks) == 0) { - /* todo: maybe set_risk here, malformed name */ - continue; - } - if(target_len <= 0) { /* name is good but contains nothing */ - continue; - } - if((data = ndpi_malloc(target_len + 1)) == NULL) { + if(srv_port != 0) { + /* Target might use compression, and we can't determine its length a priori, + * so unfortunately we need to first find it and then copy it */ + char target[255]; + u_int target_len = 0; + + if(ndpi_grab_dns_name(packet, &x_orig, target, sizeof(target), + &target_len, ignore_checks)) { + if(target_len > 0) { + if((data = ndpi_malloc(target_len + 1)) != NULL) { + memcpy(data, target, target_len); + data[target_len] = 0; + } else { #ifdef DNS_DEBUG - printf("[DNS] Out of memory\n"); + printf("[DNS] Out of memory\n"); #endif - return -1; /* todo: maybe this is not the correct behavior */ + } + } + } else { + /* todo: maybe set_risk here, malformed name */ + } + } else { + /* todo: this is malformed since ports can't be zero, maybe set_risk here */ } - memcpy(data, target, target_len); - data[target_len] = 0; } } @@ -673,7 +672,6 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, #ifdef DNS_DEBUG printf("[DNS] Out of memory\n"); #endif - /* todo: maybe return */ } } } From c811253f514e5643db909fdedc8de5cace5772d1 Mon Sep 17 00:00:00 2001 
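Review bot: The rewrite of the SRV branch turns three guard clauses into four levels of nested `if` plus two `else` branches whose bodies are only `todo` comments, which makes the happy path (`memcpy(data, target, target_len)`) the most deeply indented line in the block and leaves the malformed-record cases (zero port, bad target name) as empty branches that compile to nothing. If the project style forbids `continue`, a small `static` helper that parses one SRV record and returns a status would keep the nesting flat and give the two todo branches a single place to set the malformed-packet risk the comments ask for. Until then, a debug print under `DNS_DEBUG`, as the out-of-memory branch already has, would at least make the skipped records visible while testing. process_answers continues outside the hunk.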
From: Gianla Date: Mon, 15 Sep 2025 12:22:05 +0200 Subject: [PATCH 08/16] Fix unit tests --- tests/cfgs/default/result/anyconnect-vpn.pcap.out | 6 +++--- .../default/result/fuzz-2006-06-26-2594.pcap.out | 12 ++++++------ tests/cfgs/default/result/telegram.pcap.out | 4 ++-- tests/cfgs/default/result/wa_voice.pcap.out | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index 65811508658..911d5ea0c46 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out 
@@ -72,8 +72,8 @@ JA Host Stats: 12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.149 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] 13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: 
DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][21.75 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340/2605 9634/9670 4130/3611][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 10.0.0.227:56915 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][22.76 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 3340/3011 10636/10673 4210/3967][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][21.75 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340/2605 9634/9670 4130/3611][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 
0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 10.0.0.227:56915 <-> 52.37.243.173:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][22.76 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 3340/3011 10636/10673 4210/3967][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 10.0.0.213:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 3600s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 132/0 161/0 186/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 10.0.0.151:1900 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/1412 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][2.86 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 10.0.0.227:56881 <-> 
162.222.43.153:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][Breed: Safe][6 pkts/762 bytes <-> 6 pkts/396 bytes][Goodput ratio: 48/0][0.05 sec][bytes ratio: 0.316 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 82/66 127/66 292/66 75/0][Plen Bins: 50,33,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -85,7 +85,7 @@ JA Host Stats: 25 UDP 10.0.0.149:50081 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 10.0.0.149:51382 -> 10.0.0.227:57547 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/556 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 10.0.0.227:5353 -> 10.0.0.213:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 4500s rdatalength: 20 rsp_type: PTR data: _companion-link._tcp.local advertised lp-rkerur-osx (9)._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/548 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][12.10 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP 10.0.0.227:56879 <-> 52.10.115.210:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][4 pkts/342 bytes <-> 2 pkts/202 bytes][Goodput ratio: 23/34][0.61 sec][bytes ratio: 0.257 (Upload)][IAT c2s/s2c 
min/avg/max/stddev: 33/574 203/574 541/574 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/101 86/101 105/101 20/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 10.0.0.227:56879 <-> 52.10.115.210:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][4 pkts/342 bytes <-> 2 pkts/202 bytes][Goodput ratio: 23/34][0.61 sec][bytes ratio: 0.257 (Upload)][IAT c2s/s2c min/avg/max/stddev: 33/574 203/574 541/574 239/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/101 86/101 105/101 20/0][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Hostname/SNI: 1-courier.sandbox.push.apple.com][17.188.138.71][DNS Id: 0x1090][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 10.0.0.227:56916 -> 10.0.0.151:8009 [proto: 139/AJP][Stack: AJP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][Breed: 
Acceptable][5 pkts/390 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index b0353976ea0..411c13784f2 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -14,7 +14,7 @@ LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/66/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache fpc_dns: 0/66/0 (insert/search/found) -Automa host: 239/0 (search/found) +Automa host: 471/0 (search/found) Automa domain: 232/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 16/0 (search/found) 
@@ -59,7 +59,7 @@ System 109 10824 29 9 UDP 192.168.1.41:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][Stack: NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Dangerous][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][8.51 sec][Hostname/SNI: lab111][PLAIN TEXT ( EMEBECDBDBDBCACACACACACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.1.41:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][7 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][13.52 sec][Hostname/SNI: workgroup][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 751/0 2253/0 4255/0 1348/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 212.242.33.35:5060 -> 192.37.115.0:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP From: ;tag=3a2d0dc][SIP To: ;tag=00-94%s][PLAIN TEXT (SIP/2.0 401 Unauthorized)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.1.2:20932 -> 212.242.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP 
From: ;tag=6d540a5][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.1.2:20932 -> 212.242.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP From: ;tag=6d540a5][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.1.52:5060 -> 212.242.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP From: ;tag=903df0a][SIP To: 212.234.33.35:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/506 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][SIP 
From: ;tag=87971a][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.2:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][Stack: NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Dangerous][2 pkts/486 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][718.24 sec][Hostname/SNI: d002465][PLAIN TEXT ( EEDADADCDEDGDFC)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -69,13 +69,13 @@ System 109 10824 29 19 UDP 192.168.1.2:2806 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.qk][0.0.0.0][DNS Id: 0x821b][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][PLAIN TEXT (bercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.1.2:2825 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x5d0d][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.86.1.2:5060 -> 200.68.120.99:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.584 (Executable?)][PLAIN TEXT (CANCEL qip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 UDP 192.168.1.2:4292 -> 200.68.37.115:5060 [proto: 100/SIP][Stack: SIP][IP: 
0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.1.2:4292 -> 200.68.37.115:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 UDP 192.169.1.2:5060 -> 200.68.120.81:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 UDP 192.168.1.2:4901 -> 200.68.120.81:29440 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/389 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][SIP 
From: "arik" ;tag=6433ef9][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 5060-5061][PLAIN TEXT (ACK sip)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 UDP 192.168.1.2:5060 -> 212.242.33.201:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/366 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP From: "arik" 200.68.120.81:29440 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/389 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 5060-5061][PLAIN TEXT (ACK sip)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 192.168.1.2:5060 -> 212.242.33.201:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/366 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP 
From: "arik" 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][3 pkts/228 bytes <-> 1 pkts/128 bytes][Goodput ratio: 45/67][4.36 sec][Hostname/SNI: sip.cybercity.dk][212.242.33.35][DNS Id: 0xe2ef][PLAIN TEXT (cybercity)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 192.168.1.2:2830 <-> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][3 pkts/228 bytes <-> 1 pkts/128 bytes][Goodput ratio: 45/67][4.37 sec][Hostname/SNI: sip.cybercity.dk][212.242.33.35][DNS Id: 0x4d35][PLAIN TEXT (cybercity)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 UDP 208.242.33.35:5060 -> 192.168.1.2:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP From: ;tag=8e948b0][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (SIP/2.0 100 Trying)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 208.242.33.35:5060 -> 192.168.1.2:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP 
From: ;tag=8e948b0][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (SIP/2.0 100 Trying)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 192.168.1.2:2734 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x7dda][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 192.168.1.2:2740 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x2cdf][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Header][PLAIN TEXT (cyberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 UDP 192.168.1.2:2742 -> 192.168.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0xb3c0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 
0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index 4223316b74a..9e0f89c68fb 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out 
@@ -53,8 +53,8 @@ Music 9 742 2 5 UDP 192.168.1.75:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 0s rdatalength: 31 rsp_type: PTR data: _dacp._tcp.local advertised itunes_ctrl_4abb39a41eefdeb3._dacp._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][120 pkts/24843 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17387/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 207/0 469/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][12 pkts/3852 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][54.99 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4886/0 4987/0 5017/0 36/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.1.77:5353 -> 192.168.1.75:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 4500s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][9 pkts/2880 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][56.23 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3480/0 7028/0 31577/0 
9279/0][Pkt Len c2s/s2c min/avg/max/stddev: 320/0 320/0 320/0 0/0][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.1.77:50822 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Hostname/SNI: www.google.com][QUIC ver: Q046][Idle Timeout: 30][PLAIN TEXT (www.google.com)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] - 9 UDP 192.168.1.77:61974 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Hostname/SNI: www.google.com][QUIC ver: Q046][Idle Timeout: 30][PLAIN TEXT (www.google.com)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] + 8 UDP 192.168.1.77:50822 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Hostname/SNI: www.google.com][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][QUIC ver: Q046][Idle Timeout: 30][PLAIN TEXT (www.google.com)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] + 9 UDP 192.168.1.77:61974 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: 
Acceptable][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Hostname/SNI: www.google.com][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][QUIC ver: Q046][Idle Timeout: 30][PLAIN TEXT (www.google.com)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] 10 UDP 192.168.1.77:28150 <-> 91.108.16.3:537 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][13 pkts/1410 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 61/64][14.14 sec][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/27 368/1416 1577/10001 452/3058][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 108/115 138/138 25/15][Plen Bins: 0,24,48,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.1.77:28150 <-> 91.108.12.3:530 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.12 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/17 407/439 1556/1278 452/379][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15][Plen Bins: 0,25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.1.77:28150 <-> 91.108.12.5:537 [proto: 185/Telegram][Stack: Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 7][cat: Chat/9][Breed: Acceptable][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.10 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/31 405/436 1542/1278 447/377][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15][Plen Bins: 
0,25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/wa_voice.pcap.out b/tests/cfgs/default/result/wa_voice.pcap.out index a4611048c95..7d7b1f94f7e 100644 --- a/tests/cfgs/default/result/wa_voice.pcap.out +++ b/tests/cfgs/default/result/wa_voice.pcap.out 
@@ -74,7 +74,7 @@ JA Host Stats: 14 UDP 192.168.2.12:64716 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][4 pkts/671 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][9.04 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP [fe80::414:409d:8afd:9f05]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 3477s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.2.12:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][MDNS advertised services (found 1) - rsp_class: 1 ttl: 3477s rdatalength: 16 rsp_type: PTR data: _companion-link._tcp.local advertised luca’s imac._companion-link._tcp.local][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][5 pkts/544 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 17.171.47.85:443 <-> 192.168.2.12:50502 [proto: 91/TLS][Stack: TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][4 pkts/271 bytes <-> 4 pkts/271 bytes][Goodput ratio: 11/11][0.28 
sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 94/0 278/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/68 97/97 18/18][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 17.171.47.85:443 <-> 192.168.2.12:50502 [proto: 91/TLS][Stack: TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][4 pkts/271 bytes <-> 4 pkts/271 bytes][Goodput ratio: 11/11][0.28 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 94/0 278/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/68 97/97 18/18][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 ICMP 192.168.2.12:0 -> 91.252.56.51:0 [proto: 81/ICMP][Stack: ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.92 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 192.168.2.12:55296 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.03 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][31.13.86.51][DNS Id: 0x3369][PLAIN TEXT (whatsapp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.2.12:60549 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/76 bytes <-> 1 pkts/117 
bytes][Goodput ratio: 44/64][0.04 sec][Hostname/SNI: pps.whatsapp.net][157.240.20.52][DNS Id: 0x7f1f][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] From 4a0e2344875904d59447cb33480946c06f50b3fb Mon Sep 17 00:00:00 2001 From: Gianla Date: Mon, 15 Sep 2025 14:09:11 +0200 Subject: [PATCH 09/16] Added infinite recursion protection with a bitmap --- src/lib/protocols/dns.c | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 177692a8b86..7f70f80195d 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -237,11 +237,12 @@ static u_int64_t fpc_dns_cache_key_from_packet(const unsigned char *ip, int ip_l /* *********************************************** */ -static u_int8_t ndpi_grab_dns_name(struct ndpi_packet_struct *packet, +static u_int8_t ndpi_grab_dns_name_internal(struct ndpi_packet_struct *packet, u_int *off /* payload offset */, char *_hostname, u_int max_len, u_int *_hostname_len, - u_int8_t ignore_checks) { + u_int8_t ignore_checks, + ndpi_bitmap *bitmap) { u_int8_t hostname_is_valid = 1; u_int j = 0; 
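Review bot: The new `ndpi_bitmap *bitmap` parameter on `ndpi_grab_dns_name_internal` carries an ownership and nullability contract that nothing states: the later hunks show it being passed down unchanged through the recursion, so it must be caller-owned and non-NULL for the whole walk of one name. A parameter comment in the style of the existing `u_int *off /* payload offset */` would make that explicit, e.g. `ndpi_bitmap *bitmap /* offsets of compression pointers already followed; caller-owned, never NULL */`. The function body continues outside the hunk.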
@@ -265,13 +266,20 @@ static u_int8_t ndpi_grab_dns_name(struct ndpi_packet_struct *packet, * since it's checked in the recursive call */ u_int32_t ptr = ((cl & 0x3F) << 8 | byte2) + (packet->tcp ? 2 : 0); + if (ndpi_bitmap_isset(bitmap, ptr)) { + // TODO: malformed packet since there is a recursive name, maybe set_risk here + return 0; + } + + ndpi_bitmap_set(bitmap, ptr); + if (j && j < max_len) { _hostname[j++] = '.'; } u_int nested_len; - hostname_is_valid = ndpi_grab_dns_name(packet, &ptr, &_hostname[j], max_len - j, - &nested_len, ignore_checks) && hostname_is_valid; + hostname_is_valid = ndpi_grab_dns_name_internal(packet, &ptr, &_hostname[j], max_len - j, + &nested_len, ignore_checks, bitmap) && hostname_is_valid; j += nested_len; /* compressed names are always terminal */ @@ -322,6 +330,18 @@ static u_int8_t ndpi_grab_dns_name(struct ndpi_packet_struct *packet, return(hostname_is_valid); } +static u_int8_t ndpi_grab_dns_name(struct ndpi_packet_struct *packet, + u_int *off /* payload offset */, + char *_hostname, u_int max_len, + u_int *_hostname_len, + u_int8_t ignore_checks) { + ndpi_bitmap *visited_indexes = ndpi_bitmap_alloc(); + const int hostname_is_valid = ndpi_grab_dns_name_internal(packet, off, _hostname, max_len, + _hostname_len, ignore_checks, visited_indexes); + ndpi_bitmap_free(visited_indexes); + return hostname_is_valid; +} + /* *********************************************** */ static int add_to_mdns_metadata(struct ndpi_flow_struct *flow, @@ -595,7 +615,6 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, is_invalid = txt_subfield_len + bytes_read > data_len || txt_subfield_len > packet->payload_packet_len - x_orig; if(is_invalid) { - ndpi_free(data); /* todo: this is a malformed DNS packet, maybe set_risk here */ break; } 
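Review bot: The early `return 0` on the `ndpi_bitmap_isset` branch leaves `*_hostname_len` untouched, so the caller reads whatever its length variable held before the call; the recursive call site only survives this because of the `nested_len = 0` initialisation added in PATCH 13, and any other caller that does not pre-initialise its variable reads an indeterminate value. Setting the out-parameter before bailing out, `*_hostname_len = 0; return 0;` (or `= j` if the normal exit reports the bytes already copied — that exit is outside the hunk), closes the gap for every caller. On the TODO: a compression-pointer cycle is a malformed packet, but this function has no flow handle to set a risk on, so returning 0 and letting the caller raise the risk is the workable shape. The surrounding comments use `/* */`; the added `// TODO` line should match.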
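Review bot: The new `ndpi_grab_dns_name` wrapper heap-allocates and frees an `ndpi_bitmap` for every name it parses, and it is called once per question and per record of every DNS/mDNS packet, so the number of allocator round-trips on this hot path is chosen by the sender. The cycle can be broken without allocating: RFC 1035 §4.1.4 defines a compression pointer as a reference to a *prior* occurrence, so rejecting any `ptr` that is not strictly before the current offset ends the recursion, and if forward pointers must stay tolerated a small hop counter passed down in place of the bitmap suffices, because a chain that never repeats is bounded by the payload length anyway. If the bitmap stays, a one-line header comment saying it exists only to detect compression-pointer cycles would help the next reader. The unchecked `ndpi_bitmap_alloc` result is already handled by PATCH 13.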
@@ -612,7 +631,10 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, x_orig += txt_subfield_len; bytes_read += txt_subfield_len; } - if(!is_invalid) { /* check needed because *data might point to deallocated memory */ + if(is_invalid) { + ndpi_free(data); + data = NULL; + } else { if(data_offset >= sep_len) { /* if the while cycle didn't do any iteration, data_offset is 0 */ data[data_offset - sep_len] = 0; /* - sep_len removes the last separator */ } else { @@ -998,6 +1020,7 @@ static int process_hostname(struct ndpi_detection_module_struct *ndpi_struct, } static void search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + printf("Packet---\n"); struct ndpi_packet_struct *packet = &ndpi_struct->packet; int payload_offset = 0; u_int8_t is_query; From 7cc1c511c2a6cbfe77def3cccd593036e534a1c3 Mon Sep 17 00:00:00 2001 From: Gianla Date: Mon, 15 Sep 2025 14:11:19 +0200 Subject: [PATCH 10/16] typo --- src/lib/protocols/dns.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 7f70f80195d..f8fcb0fecd1 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -1020,7 +1020,6 @@ static int process_hostname(struct ndpi_detection_module_struct *ndpi_struct, } static void search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - printf("Packet---\n"); struct ndpi_packet_struct *packet = &ndpi_struct->packet; int payload_offset = 0; u_int8_t is_query; From 95d354ce2f8d3d610d63bb8c16a671f7df8937d7 Mon Sep 17 00:00:00 2001 From: Gianla Date: Mon, 15 Sep 2025 19:47:43 +0200 Subject: [PATCH 11/16] Fixed unusued imports + typo --- example/ndpiReader.c | 1 - example/reader_util.c | 2 -- src/include/ndpi_typedefs.h | 2 +- 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index f9f68afd290..a5ffffffc71 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c 
@@ -33,7 +33,6 @@ #include #include /* FLT_EPSILON */ -#include "../src/include/ndpi_typedefs.h" #ifdef WIN32 #include /* winsock.h is included automatically */ #include diff --git a/example/reader_util.c b/example/reader_util.c index b7799c8ddb1..93076d34ac2 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -28,8 +28,6 @@ #include #include -#include "../src/include/ndpi_typedefs.h" - #ifdef WIN32 #include /* winsock.h is included automatically */ #include diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 80c6bc1ec71..cd9a26aec89 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1767,7 +1767,7 @@ _Static_assert(sizeof(((struct ndpi_flow_struct *)0)->protos) <= 264, "Size of the struct member protocols increased to more than 264 bytes, " "please check if this change is necessary."); _Static_assert(sizeof(struct ndpi_flow_struct) <= 1232, - "Size of the flow struct increased to more than 1408 bytes, " + "Size of the flow struct increased to more than 1232 bytes, " "please check if this change is necessary."); #endif #endif From f5a836d758cdf05e4cce729c4ac39ff3fd9ca39f Mon Sep 17 00:00:00 2001 From: Ivan Nardi Date: Mon, 15 Sep 2025 19:55:56 +0200 Subject: [PATCH 12/16] Remove another useless include --- src/lib/ndpi_main.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index fcb94cd5247..3b0ce296295 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -22,8 +22,6 @@ #include #include -#include "../include/ndpi_typedefs.h" - #ifdef __APPLE__ #include #endif From d2e2594c789fd7b2d7de7c1b0f246f7a4737656b Mon Sep 17 00:00:00 2001 From: Gianla Date: Mon, 15 Sep 2025 20:31:59 +0200 Subject: [PATCH 13/16] Fixed uninitialized variable --- src/lib/protocols/dns.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index f8fcb0fecd1..c391ab2e4df 100644 
--- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -267,7 +267,7 @@ static u_int8_t ndpi_grab_dns_name_internal(struct ndpi_packet_struct *packet, u_int32_t ptr = ((cl & 0x3F) << 8 | byte2) + (packet->tcp ? 2 : 0); if (ndpi_bitmap_isset(bitmap, ptr)) { - // TODO: malformed packet since there is a recursive name, maybe set_risk here + // TODO: malformed packet since there is an infinite loop compressed name, maybe set_risk here return 0; } @@ -277,7 +277,7 @@ static u_int8_t ndpi_grab_dns_name_internal(struct ndpi_packet_struct *packet, _hostname[j++] = '.'; } - u_int nested_len; + u_int nested_len = 0; hostname_is_valid = ndpi_grab_dns_name_internal(packet, &ptr, &_hostname[j], max_len - j, &nested_len, ignore_checks, bitmap) && hostname_is_valid; @@ -335,11 +335,18 @@ static u_int8_t ndpi_grab_dns_name(struct ndpi_packet_struct *packet, char *_hostname, u_int max_len, u_int *_hostname_len, u_int8_t ignore_checks) { - ndpi_bitmap *visited_indexes = ndpi_bitmap_alloc(); - const int hostname_is_valid = ndpi_grab_dns_name_internal(packet, off, _hostname, max_len, - _hostname_len, ignore_checks, visited_indexes); - ndpi_bitmap_free(visited_indexes); - return hostname_is_valid; + ndpi_bitmap *visited_indexes; + if ((visited_indexes = ndpi_bitmap_alloc()) != NULL) { + const int hostname_is_valid = ndpi_grab_dns_name_internal(packet, off, _hostname, max_len, + _hostname_len, ignore_checks, visited_indexes); + ndpi_bitmap_free(visited_indexes); + return hostname_is_valid; + } + *_hostname_len = 0; +#ifndef DNS_DEBUG + printf("[DNS] Out of memory\n"); +#endif + return 0; } /* *********************************************** */ From ed30eb466de480ce5bfb1411e6f3642e3d161816 Mon Sep 17 00:00:00 2001 From: Gianla Date: Tue, 16 Sep 2025 11:59:58 +0200 Subject: [PATCH 14/16] Fixed a malloc check in reader_util.c --- example/reader_util.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) 
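Review bot: The out-of-memory message in the new `ndpi_grab_dns_name` fallback is wrapped in `#ifndef DNS_DEBUG`, so — if `DNS_DEBUG` is this file's debug switch, as its name suggests — the `printf` runs in every production build and is silenced in debug builds, the opposite of the intent. Beyond the inverted guard, a library routine writing to stdout is a problem for embedders in its own right; `#ifdef DNS_DEBUG` is the minimal fix and routing the message through the module's debug logging would be better still. Setting `*_hostname_len = 0` before returning 0 on this path is right; the same out-parameter is still left unset on the cycle-detected early return inside `ndpi_grab_dns_name_internal`, which the preceding hunks in this commit do not touch.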
diff --git a/example/reader_util.c b/example/reader_util.c index 93076d34ac2..3d9d0084151 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1641,17 +1641,19 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->mdns_metadata.services = ndpi_malloc( sizeof(struct ndpi_mdns_rsp_entry) * flow->mdns_metadata.num_services); - for(int idx = 0; idx < flow->mdns_metadata.num_services; ++idx) { - struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[idx]; - struct ndpi_mdns_rsp_entry *reference = &flow->ndpi_flow->mdns_metadata.services[idx]; - - service->rsp_type = reference->rsp_type; - service->rsp_class = reference->rsp_class; - service->ttl = reference->ttl; - service->data_len = reference->data_len; - service->name = ndpi_strdup(reference->name); - service->data = ndpi_strdup(reference->data); - service->srv_port = reference->srv_port; + if (flow->mdns_metadata.services) { + for(int idx = 0; idx < flow->mdns_metadata.num_services; ++idx) { + struct ndpi_mdns_rsp_entry *service = &flow->mdns_metadata.services[idx]; + struct ndpi_mdns_rsp_entry *reference = &flow->ndpi_flow->mdns_metadata.services[idx]; + + service->rsp_type = reference->rsp_type; + service->rsp_class = reference->rsp_class; + service->ttl = reference->ttl; + service->data_len = reference->data_len; + service->name = ndpi_strdup(reference->name); + service->data = ndpi_strdup(reference->data); + service->srv_port = reference->srv_port; + } } } From d4eed2c811f13856016174c8e62c2265d7648b38 Mon Sep 17 00:00:00 2001 From: Gianla Date: Wed, 17 Sep 2025 15:11:26 +0200 Subject: [PATCH 15/16] Fixed memory leak and made a more robust freeing policy --- example/reader_util.c | 4 ++-- src/lib/protocols/dns.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/example/reader_util.c b/example/reader_util.c index 3d9d0084151..a6ec7bcb8be 100644 --- a/example/reader_util.c +++ b/example/reader_util.c 
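Review bot: When `ndpi_malloc` returns NULL here, `flow->mdns_metadata.services` is NULL while `flow->mdns_metadata.num_services` keeps the count assigned just above (outside the hunk), so any consumer that iterates by `num_services` and indexes `services` dereferences NULL; guarding the free path later in the series treats the symptom, not the broken invariant. An `else` branch restoring it, `else flow->mdns_metadata.num_services = 0;`, keeps count and array consistent at the source. The `ndpi_strdup` results are also unchecked; with the NULL-tolerant freeing adopted later that is survivable, but a NULL `name` or `data` then reaches whatever formats them, so either check them here or document that consumers must. Allocating with `ndpi_calloc(num_services, sizeof *flow->mdns_metadata.services)` would match the style this series adopts in `dns.c`.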
@@ -619,8 +619,8 @@ void ndpi_flow_info_free_data(struct ndpi_flow_info *flow) { for(int i = 0; i < flow->mdns_metadata.num_services; ++i) { - ndpi_free(flow->mdns_metadata.services[i].name); - ndpi_free(flow->mdns_metadata.services[i].data); + if (flow->mdns_metadata.services[i].name) ndpi_free(flow->mdns_metadata.services[i].name); + if (flow->mdns_metadata.services[i].data) ndpi_free(flow->mdns_metadata.services[i].data); } if(flow->mdns_metadata.services) ndpi_free(flow->mdns_metadata.services); } diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index c391ab2e4df..1ebc3c8804a 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -356,8 +356,8 @@ static int add_to_mdns_metadata(struct ndpi_flow_struct *flow, u_int16_t data_len, u_int16_t srv_port, char *data, u_int16_t name_len, const char *name) { if(flow->mdns_metadata.services == NULL) { - if((flow->mdns_metadata.services = ndpi_malloc( - sizeof(struct ndpi_mdns_rsp_entry) * MAX_NUM_MDNS_ADVERTISED_SERVICES)) == NULL) { + if((flow->mdns_metadata.services = ndpi_calloc( + MAX_NUM_MDNS_ADVERTISED_SERVICES, sizeof(struct ndpi_mdns_rsp_entry))) == NULL) { return -1; } } From cbdbd8f9c188a40c7953430bf2706850323275ae Mon Sep 17 00:00:00 2001 From: Gianla Date: Wed, 17 Sep 2025 15:15:31 +0200 Subject: [PATCH 16/16] Other files for the previous commit --- example/reader_util.c | 11 ++++++----- src/lib/ndpi_main.c | 6 +++--- src/lib/protocols/dns.c | 9 +++++++-- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/example/reader_util.c b/example/reader_util.c index a6ec7bcb8be..f733553038b 100644 --- a/example/reader_util.c +++ b/example/reader_util.c 
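Review bot: add_to_mdns_metadata carries no comment on who owns `data` after the call, and the later caller-side fix (freeing `data` only when this function fails) shows the contract is easy to get wrong: on success the stored entry keeps the heap string, on failure the caller still owns it. Suggest a header comment above the function: `/* Appends one mDNS answer to flow->mdns_metadata. On success the new entry takes ownership of the heap-allocated 'data'; on -1 nothing is stored and the caller must free 'data'. */`, adjusted if the success return value (outside the hunk) is not 0. The move to `ndpi_calloc` is correct, since the free paths now test `name`/`data` for NULL on entries that may never have been filled. The function body continues past the hunk.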
@@ -617,12 +617,13 @@ void ndpi_flow_info_free_data(struct ndpi_flow_info *flow) { if(flow->risk_str) ndpi_free(flow->risk_str); if(flow->flow_payload) ndpi_free(flow->flow_payload); - - for(int i = 0; i < flow->mdns_metadata.num_services; ++i) { - if (flow->mdns_metadata.services[i].name) ndpi_free(flow->mdns_metadata.services[i].name); - if (flow->mdns_metadata.services[i].data) ndpi_free(flow->mdns_metadata.services[i].data); + if (flow->mdns_metadata.services) { + for(int i = 0; i < flow->mdns_metadata.num_services; i++) { + if (flow->mdns_metadata.services[i].name) ndpi_free(flow->mdns_metadata.services[i].name); + if (flow->mdns_metadata.services[i].data) ndpi_free(flow->mdns_metadata.services[i].data); + } + ndpi_free(flow->mdns_metadata.services); } - if(flow->mdns_metadata.services) ndpi_free(flow->mdns_metadata.services); } /* ***************************************************** */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3b0ce296295..eab9dff1d82 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -7831,10 +7831,10 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) { if(flow->tls_quic.obfuscated_heur_state) ndpi_free(flow->tls_quic.obfuscated_heur_state); - if(flow->mdns_metadata.num_services > 0) { + if (flow->mdns_metadata.services) { for(int i = 0; i < flow->mdns_metadata.num_services; i++) { - ndpi_free(flow->mdns_metadata.services[i].name); - ndpi_free(flow->mdns_metadata.services[i].data); + if (flow->mdns_metadata.services[i].name) ndpi_free(flow->mdns_metadata.services[i].name); + if (flow->mdns_metadata.services[i].data) ndpi_free(flow->mdns_metadata.services[i].data); } ndpi_free(flow->mdns_metadata.services); } diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 1ebc3c8804a..a7c30e6557b 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c 
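Review bot: After `ndpi_free(flow->mdns_metadata.services)` in ndpi_flow_info_free_data the pointer and `num_services` are left untouched, so a second call on the same struct, or a reuse of it, would walk freed memory — the inconsistent state the new outer `if` is meant to rule out; add `flow->mdns_metadata.services = NULL; flow->mdns_metadata.num_services = 0;` right after the free. Style: the new lines write `if (` while the surrounding code uses `if(` (`if(flow->risk_str)`), so match the file's spacing. The per-entry `if (x) ndpi_free(x)` guards are only needed if ndpi_free does not accept NULL, which cannot be confirmed from here.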
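Review bot: In ndpi_free_flow_data the freed `flow->mdns_metadata.services` is left dangling and `num_services` stays non-zero, so any later pass over the same flow (e.g. a repeated free or a consumer that copies the metadata after this runs) reads released memory; add `flow->mdns_metadata.services = NULL; flow->mdns_metadata.num_services = 0;` after `ndpi_free(flow->mdns_metadata.services);`. The neighbouring `if(flow->tls_quic.obfuscated_heur_state)` line shows the file's `if(` spacing, which the new `if (` lines should follow. The function continues outside the hunk.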
@@ -675,7 +675,7 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, data[target_len] = 0; } else { #ifdef DNS_DEBUG - printf("[DNS] Out of memory\n"); + printf("[DNS] Out of memory\n"); #endif } } @@ -691,7 +691,8 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, x += data_len; } - if(proto->master_protocol == NDPI_PROTOCOL_MDNS && data != NULL) { + if (data != NULL) { + if(proto->master_protocol == NDPI_PROTOCOL_MDNS) { if(name_len <= 0 || flow->mdns_metadata.num_services >= MAX_NUM_MDNS_ADVERTISED_SERVICES) { /* info was useless or we reached the limit */ @@ -701,7 +702,11 @@ static int process_answers(struct ndpi_detection_module_struct *ndpi_struct, #ifdef DNS_DEBUG printf("[DNS] Out of memory\n"); #endif + /* if calloc/malloc fails inside add_to_mdns_metadata(), num_services won't be incremented. + * So we need to free data now, otherwise it will never be. */ + ndpi_free(data); } + } } }
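Review bot: The new `if (data != NULL) { if(proto->master_protocol == NDPI_PROTOCOL_MDNS) {` nesting has no visible path that releases `data` when the master protocol is not mDNS; if the allocation earlier in process_answers (outside this hunk) can happen for non-mDNS answers, every such answer now leaks one heap string per record, exactly as the old combined condition did. Either confirm `data` is only ever allocated on the mDNS path and say so in a comment, or add `} else ndpi_free(data);` on the inner `if`. The "info was useless or we reached the limit" branch between the two hunks also needs to free `data`, which cannot be checked from here. process_answers starts and ends outside the hunk.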
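Review bot: The added `ndpi_free(data);` on the add_to_mdns_metadata failure path leaves `data` dangling, and the `x += data_len` context suggests process_answers keeps iterating after this block; if `data` is not unconditionally reassigned on the next record, a stale non-NULL pointer would be freed again. Add `data = NULL;` immediately after the free, which is harmless if the variable is always reassigned. The two-line comment above it should also state that a successful add transfers ownership of `data` to the entry, so the asymmetry is explicit. The enclosing function continues past the hunk.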