Under the sub-section "Query Language" on the main README.md there is a flaw in the query language referencing time specific queries. In the BPF subset definitions, underneath "#Stenographer-specific time additions:", the fourth line defines packets after a relative time as "before 3h ago" and should be corrected to "after 3h ago".