arm wireshark v4.2.2-0-g404592842786 on macOS Sonoma 14.3
ad7e956b32d9397f215caf84e9470d2e96946f2b57ef39a6449d55c61627d059 ja4.so
Issue:
Fileds provided by the JA4+ plugin are malformed in tshark output. All field values appear to have a comma prepended, and field values are sometimes duplicated.
Additionally, I believe debug printing was left enabled.
Expected behavior:
Field values should not have a comma prepended, and values should not be duplicated.
Debug output of packet processing should be disabled.
Steps to reproduce:
Place a copy of ja4.so into /Applications/Wireshark.app/Contents/PlugIns/wireshark/4-2/epan/
Run tshark with a field provided by the plugin (e.g. "tls.handshake.ja4") enabled on a pcap containing SSL negotiations and observe output.
Environment:
arm wireshark v4.2.2-0-g404592842786 on macOS Sonoma 14.3 ad7e956b32d9397f215caf84e9470d2e96946f2b57ef39a6449d55c61627d059 ja4.so
Issue:
Fileds provided by the JA4+ plugin are malformed in tshark output. All field values appear to have a comma prepended, and field values are sometimes duplicated.
Additionally, I believe debug printing was left enabled.
Expected behavior:
Field values should not have a comma prepended, and values should not be duplicated. Debug output of packet processing should be disabled.
Steps to reproduce: