FoxIO-LLC / ja4

JA4+ is a suite of network fingerprinting standards
https://foxio.io

Inconsistent Results Between Binary JA4 and Python JA4 #185

Open cpmta opened 1 week ago

cpmta commented 1 week ago

Here are the results of the same pcap, once executed with the latest ja4.py and then again with the latest ja4 on Linux. Python only displays the JA4H.

VMware-Virtual-Platform:~/tmp/ja4/python$ ~/ja4/ja4 test.pcap
- stream: 0
  transport: tcp
  src: <--redacted-->
  dst: <--redacted-->
  src_port: 1040
  dst_port: 80
  tls_server_name: secure.logmeinrescue.com
  ja4: t12d830700_4cb4e1c7a84f_4446390ac224
  ja4s: t120300_c030_bec8bdbaef8a
  tls_certs:
  - x509:
    - ja4x: 2958ffa05805_2166164053c1_000000000000
      issuerCountryName:<--redacted-->
      issuerStateOrProvinceName:<--redacted-->
      issuerOrganizationName:<--redacted-->
      issuerOrganizationalUnit:<--redacted-->
      issuerCommonName:<--redacted-->
      subjectCountryName:<--redacted-->
      subjectStateOrProvinceName:<--redacted-->
      subjectLocalityName:<--redacted-->
      subjectOrganizationName:<--redacted-->
      subjectOrganizationalUnit:<--redacted-->
      subjectCommonName:<--redacted-->
  ja4l_c: 112_128
  ja4l_s: 104_64
  http:
  - ja4h: co11nn030000_c8b241c27500_000000000000_000000000000
VMware-Virtual-Platform:~/tmp/ja4/python$ python3 ja4.py test.pcap
{'stream': 0, 'src': '<--redacted-->', 'dst': '<--redacted-->', 'srcport': '1040', 'dstport': '80', 'JA4H': 'co11nn030000_c8b241c27500_000000000000_000000000000'}

noeltimothy commented 6 days ago

Hi, can you send us the pcap that you used?

cpmta commented 15 hours ago

Can I share it with you in private?