Project

General

Profile

Actions

Support #2905

closed

empty JA3 field

Added by Darren pierre over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

So I've been using Suricata version 4.1.2 and setup my suricata.yaml file so that it will log tls connections.When I tried test it using pcaps that I know have tls connections most of the time it doesn't log any sort of tls connection and when it does the ja3 is empty .I was wondering if there's some kind of bug ?


Files

Capture.PNG (10.7 KB) Capture.PNG tls config Darren pierre, 03/25/2019 07:35 PM
Capturme.PNG (617 Bytes) Capturme.PNG ja3 empty Darren pierre, 03/25/2019 07:38 PM
Actions #1

Updated by Darren pierre over 5 years ago

Disregard this bug issue , the packets don't include a client Hello Packet

Actions #2

Updated by Peter Manev over 5 years ago

  • Tracker changed from Bug to Support
  • Status changed from New to Closed

Closed as requested.

Actions

Also available in: Atom PDF