ntop
diff --git a/‎doc/protocols.rst
Lines changed: 9 additions & 0 deletions b/‎doc/protocols.rst
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/include/ndpi_protocol_ids.h
Lines changed: 1 addition & 0 deletions b/‎src/include/ndpi_protocol_ids.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/include/ndpi_protocols.h
Lines changed: 1 addition & 0 deletions b/‎src/include/ndpi_protocols.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/lib/ndpi_main.c
Lines changed: 7 additions & 0 deletions b/‎src/lib/ndpi_main.c
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/lib/protocols/rmcp.c
Lines changed: 98 additions & 0 deletions b/‎src/lib/protocols/rmcp.c
Lines changed: 98 additions & 0 deletions
diff --git a/‎tests/cfgs/caches_cfg/result/teams.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/caches_cfg/result/teams.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/pcap/rmcp.pcap
500 Bytes b/‎tests/cfgs/default/pcap/rmcp.pcap
500 Bytes
diff --git a/‎tests/cfgs/default/result/1kxun.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/1kxun.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/4in4tunnel.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/4in4tunnel.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/6in6tunnel.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/6in6tunnel.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/EAQ.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/EAQ.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/KakaoTalk_talk.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/KakaoTalk_talk.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/adult_content.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/adult_content.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/anyconnect-vpn.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/anyconnect-vpn.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/collectd.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/collectd.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
Lines changed: 3 additions & 3 deletions b/‎tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
Lines changed: 3 additions & 3 deletions
diff --git a/‎tests/cfgs/default/result/dhcp-fuzz.pcapng.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/dhcp-fuzz.pcapng.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/discord.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/discord.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/discord_mid_flow.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/discord_mid_flow.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/dnscrypt-v2.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/dnscrypt-v2.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/epicgames.pcapng.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/epicgames.pcapng.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/geforcenow.pcapng.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/geforcenow.pcapng.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/gnutella.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/gnutella.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/gtp_false_positive.pcapng.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/gtp_false_positive.pcapng.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/h323.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/h323.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/http_ipv6.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/http_ipv6.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/imo.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/imo.pcap.out
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/cfgs/default/result/instagram.pcap.out
Lines changed: 1 addition & 1 deletion b/‎tests/cfgs/default/result/instagram.pcap.out
Lines changed: 1 addition & 1 deletion
@@ -139,3 +139,12 @@ Notes:
 HAProxy is a free and open source software that provides a high availability load balancer and reverse proxy for TCP and HTTP-based applications that spreads requests across multiple servers.
 
 References: `Main site: <https://www.haproxy.org>`_.
+
+
+.. _Proto 351:
+
+`NDPI_PROTOCOL_RMCP`
+====================
+The Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system's CPU, firmware (BIOS or UEFI) and operating system.
+
+References: `Protocol Specs: <https://www.dmtf.org/sites/default/files/standards/documents/DSP0114.pdf>`_.
@@ -379,6 +379,7 @@ typedef enum {
   NDPI_PROTOCOL_MULLVAD               = 348,
   NDPI_PROTOCOL_HTTP2                 = 349,
   NDPI_PROTOCOL_HAPROXY               = 350,
+  NDPI_PROTOCOL_RMCP                  = 351,
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
 
@@ -246,6 +246,7 @@ void init_apache_thrift_dissector(struct ndpi_detection_module_struct *ndpi_stru
 void init_slp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_http2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_haproxy_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
+void init_rmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 
 /* ndpi_main.c */
 extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port);
 
@@ -2159,6 +2159,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
               "HAProxy", NDPI_PROTOCOL_CATEGORY_WEB,
               ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
               ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_RMCP,
+              "RMCP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
+              ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+              ndpi_build_default_ports(ports_b, 623, 0, 0, 0, 0) /* UDP */);
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main.c"
@@ -5236,6 +5240,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
   /* HAProxy */
   init_haproxy_dissector(ndpi_str, &a);
 
+  /* RMCP */
+  init_rmcp_dissector(ndpi_str, &a);
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main_init.c"
 #endif
 
@@ -0,0 +1,98 @@
+/*
+ * rmcp.c
+ *
+ * Copyright (C) 2023 - ntop.org
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RMCP
+
+#include "ndpi_api.h"
+
+struct rmcp_header {
+  uint8_t version;
+  uint8_t reserved;
+  uint8_t sequence;
+#if defined(__BIG_ENDIAN__)
+  uint8_t type : 1; // Either Normal RMCP (0) or ACK (1)
+  uint8_t class : 7;
+#elif defined(__LITTLE_ENDIAN__)
+  uint8_t class : 7;
+  uint8_t type : 1; // Either Normal RMCP (0) or ACK (1)
+#else
+#error "Missing endian macro definitions."
+#endif
+};
+
+static void ndpi_int_rmcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
+                                         struct ndpi_flow_struct *flow)
+{
+  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RMCP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+}
+
+static void ndpi_search_rmcp(struct ndpi_detection_module_struct *ndpi_struct,
+                             struct ndpi_flow_struct *flow)
+{
+  struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
+
+  NDPI_LOG_DBG(ndpi_struct, "search RMCP\n");
+
+  if (packet->payload_packet_len < sizeof(struct rmcp_header)) {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    return;
+  }
+
+  struct rmcp_header const * const rmcp_header = (struct rmcp_header *)packet->payload;
+
+  if (rmcp_header->version != 0x06 || rmcp_header->reserved != 0x00) {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    return;
+  }
+
+  if (rmcp_header->type != 0 && rmcp_header->sequence == 0xFF) {
+    // No ACK allowed if SEQUENCE number is 255.
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    return;
+  }
+
+  if (rmcp_header->class != 0x06 /* Alert Standard Forum (ASF)*/
+      && rmcp_header->class != 0x07 /* Intelligent Platform Management Interface (IPMI) */)
+  {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    return;
+  }
+
+  ndpi_int_rmcp_add_connection(ndpi_struct, flow);
+}
+
+
+void init_rmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
+{
+  ndpi_set_bitmask_protocol_detection("RMCP", ndpi_struct, *id,
+                                      NDPI_PROTOCOL_RMCP,
+                                      ndpi_search_rmcp,
+                                      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+                                      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+                                      ADD_TO_DETECTION_BITMASK);
+
+  *id += 1;
+}
+
@@ -7,7 +7,7 @@ Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 1 (flows)
 Confidence DPI (partial)    : 1 (flows)
 Confidence DPI              : 80 (flows)
-Num dissector calls: 501 (6.04 diss/flow)
+Num dissector calls: 502 (6.05 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -5,7 +5,7 @@ DPI Packets (UDP):	120	(1.21 pkts/flow)
 Confidence Unknown          : 14 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 177 (flows)
-Num dissector calls: 4543 (23.06 diss/flow)
+Num dissector calls: 4557 (23.13 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/60/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (UDP):	5	(5.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 177 (177.00 diss/flow)
+Num dissector calls: 178 (178.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 126 (126.00 diss/flow)
+Num dissector calls: 127 (127.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	12	(6.00 pkts/flow)
 DPI Packets (UDP):	116	(4.00 pkts/flow)
 Confidence DPI              : 31 (flows)
-Num dissector calls: 4397 (141.84 diss/flow)
+Num dissector calls: 4426 (142.77 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (UDP):	7	(1.40 pkts/flow)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 135 (27.00 diss/flow)
+Num dissector calls: 136 (27.20 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -5,7 +5,7 @@ DPI Packets (UDP):	10	(2.00 pkts/flow)
 Confidence Match by port    : 8 (flows)
 Confidence DPI              : 11 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 1079 (53.95 diss/flow)
+Num dissector calls: 1081 (54.05 diss/flow)
 LRU cache ookla:      0/2/0 (insert/search/found)
 LRU cache bittorrent: 0/27/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (UDP):	4	(4.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 147 (147.00 diss/flow)
+Num dissector calls: 148 (148.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 61 (flows)
-Num dissector calls: 861 (12.48 diss/flow)
+Num dissector calls: 862 (12.49 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -3,7 +3,7 @@ Guessed flow protos:	3
 DPI Packets (UDP):	13	(1.62 pkts/flow)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 408 (51.00 diss/flow)
+Num dissector calls: 411 (51.38 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -24,6 +24,6 @@ CustomProtocolA	3	222	1
 CustomProtocolB	2	148	1
 Unknown	3	222	1
 
-	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.357/TLS.CustomProtocolA][IP: 357/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 359/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 358/CustomProtocolB][IP: 358/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.358/TLS.CustomProtocolA][IP: 358/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 360/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 359/CustomProtocolB][IP: 359/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 112 (112.00 diss/flow)
+Num dissector calls: 113 (113.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	5	(5.00 pkts/flow)
 DPI Packets (UDP):	60	(1.82 pkts/flow)
 Confidence DPI              : 34 (flows)
-Num dissector calls: 4060 (119.41 diss/flow)
+Num dissector calls: 4087 (120.21 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (UDP):	3	(3.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 147 (147.00 diss/flow)
+Num dissector calls: 148 (148.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (UDP):	256	(1.04 pkts/flow)
 Confidence DPI              : 245 (flows)
-Num dissector calls: 20591 (84.04 diss/flow)
+Num dissector calls: 20602 (84.09 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/513/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (UDP):	6	(2.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 381 (127.00 diss/flow)
+Num dissector calls: 384 (128.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 128 (128.00 diss/flow)
+Num dissector calls: 129 (129.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (UDP):	12	(3.00 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 598 (149.50 diss/flow)
+Num dissector calls: 602 (150.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -6,7 +6,7 @@ DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Unknown          : 34 (flows)
 Confidence Match by port    : 28 (flows)
 Confidence DPI              : 189 (flows)
-Num dissector calls: 6159 (24.54 diss/flow)
+Num dissector calls: 6197 (24.69 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/192/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -5,7 +5,7 @@ DPI Packets (other):	7	(1.00 pkts/flow)
 Confidence Unknown          : 19 (flows)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 55 (flows)
-Num dissector calls: 1853 (24.06 diss/flow)
+Num dissector calls: 1869 (24.27 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/66/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	7	(7.00 pkts/flow)
 DPI Packets (UDP):	7	(7.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 134 (67.00 diss/flow)
+Num dissector calls: 135 (67.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 389 (flows)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 370 (flows)
-Num dissector calls: 42860 (56.39 diss/flow)
+Num dissector calls: 43169 (56.80 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/1170/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -3,7 +3,7 @@ Guessed flow protos:	3
 DPI Packets (UDP):	7	(2.33 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
-Num dissector calls: 405 (135.00 diss/flow)
+Num dissector calls: 408 (136.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	2	(2.00 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 234 (117.00 diss/flow)
+Num dissector calls: 235 (117.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -4,7 +4,7 @@ DPI Packets (TCP):	77	(5.92 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence Match by port    : 7 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 150 (10.00 diss/flow)
+Num dissector calls: 151 (10.07 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/21/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (UDP):	7	(3.50 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 293 (146.50 diss/flow)
+Num dissector calls: 295 (147.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 
@@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 7 (flows)
 Confidence DPI              : 30 (flows)
-Num dissector calls: 1336 (35.16 diss/flow)
+Num dissector calls: 1337 (35.18 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)