awick
commented
4 months ago Looks like JA4S might have similar issues, but I haven't finished the arkime implementation yet.
Closed awick closed 2 months ago
awick
commented
4 months ago Looks like JA4S might have similar issues, but I haven't finished the arkime implementation yet.
noeltimothy
commented
4 months ago Thanks for pointing this out Andy, we have a fix for this.
awick
commented
4 months ago JA4 client looks good, JA4S still has the empty issue for dtls 0 file
noeltimothy
commented
4 months ago Thanks Andy, we have a fix for this. This is now merged into main
https://github.com/arkime/arkime/raw/main/tests/pcap/wireshark-dtls0.pcap version issue and empty should be all 0 right?
arkime: ds1i270000_fd1a708466c1_000000000000 ds1i2700000003,0004,0005,0006,0007,0008,0009,000a,0011,0012,0013,0014,0015,0016,002f,0032,0033,0035,0038,0039,0060,0061,0062,0063,0064,0065,0066
plugin: d00i270000_fd1a708466c1_e3b0c44298fc d00i2700000003,0004,0005,0006,0007,0008,0009,000a,0011,0012,0013,0014,0015,0016,002f,0032,0033,0035,0038,0039,0060,0061,0062,0063,0064,0065,0066
https://github.com/arkime/arkime/raw/main/tests/pcap/wireshark-dtls12.pcap version issue?
arkime: dd2i030300_f7e428980f70_6c817ce3d217 plugin: d00i030300_f7e428980f70_6c817ce3d217