diff --git a/README.md b/README.md
index 502ef4ff5bf7badee2fc008fda60c6a2a55ef94e..b2a05bdcc8d1219624ecaae1fc4bea16e0c39641 100644
--- a/README.md
+++ b/README.md
@@ -40,8 +40,21 @@ As for the attack scenarios, we used a botnet composed of multiple VMs controlle
 ## 3. Data capture
 To capture the network trafic in our environment, we used Wireshark tool to record the network data in pcap format and used a flow capture tool called CICFlowmeter.
 
-### Packet
-we use the Wireshark tool to record the network data in pcap format. They are available in the GRASEC-IoT gitlab \cite{grasec}. An exemple of features:
+### Packets capture
+we use the Wireshark tool to record the network data in pcap format. They are available in the GRASEC-IoT gitlab \cite{grasec}. An exemple of features (the complete list of 83 features is in the pcap-csv file above):
+
+<div align="center">
+<img src="images/image-5.png" alt="alt text" width="500" />
+</div>
+
+### Flows capture
+we use the CICFlowmeter tool to flow capture. 
+
+<div align="center">
+<img src="images/image-6.png" alt="alt text" width="500" />
+</div>
+
+
 
 <div align="center">
 <img src="images/image-5.png" alt="alt text" width="500" />
diff --git a/images/image-6.png b/images/image-6.png
new file mode 100644
index 0000000000000000000000000000000000000000..09fa7e520b22f0cf27d8fa657d5e1ea1fab22b77
Binary files /dev/null and b/images/image-6.png differ