cisco / joy

A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.

When I ran the ./fingerprinter.py test.pcap, I am not getting any values. It's returning empty only #259

Closed muthhus closed 5 years ago

muthhus commented 5 years ago

When I ran the ./fingerprinter.py test.pcap, I am not getting any values. It's returning empty only.

Thanks

muthhus commented 5 years ago

It's only working with your test pcap data. I assume that it might be formatted/implemented based on your test pcap file structure.

bhudson33 commented 5 years ago

It appears that there may not be a TLS fingerprint in your PCAP file. Try this:

bin/joy fpx=1

and see if the output contains a TLS fingerprint. If not, then the PCAP file you have does not contain a TLS PCAP. If you run the same command on test/pcaps/tls12.pcap, you will see a fingerprint is found.

If you have the gzip option turned on, then pipe the output into zless.
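
An independent way to confirm whether a capture holds any TLS ClientHello at all, as an added example (not joy code and not from this thread). It assumes the TLS fingerprint is taken from the ClientHello, handles only classic pcap files with Ethernet/IPv4/TCP framing, and uses function names and sample packets made up for the example.

```python
import struct

def tcp_payload(frame):
    """Return the TCP payload of an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None                        # too short or EtherType not IPv4
    if frame[14] >> 4 != 4 or frame[23] != 6:
        return None                        # not IP version 4 or not TCP
    tcp = 14 + (frame[14] & 0x0F) * 4      # skip IP header (IHL in 32-bit words)
    if len(frame) < tcp + 20:
        return None
    return frame[tcp + (frame[tcp + 12] >> 4) * 4:]   # skip TCP header

def count_client_hellos(pcap):
    """Count segments in a classic Ethernet pcap that start a TLS ClientHello."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None:
        raise ValueError("not a classic pcap (pcapng is not handled)")
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    hits, off = 0, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        data = tcp_payload(pcap[off + 16:off + 16 + incl])
        off += 16 + incl
        # TLS record: type 0x16 (handshake), version major 0x03,
        # then handshake type 0x01 (ClientHello) at byte 5.
        if data and len(data) >= 6 and data[0] == 0x16 and data[1] == 3 and data[5] == 1:
            hits += 1
    return hits

def make_pcap(payloads):
    """Build a constructed capture with one TCP segment per payload (demo only)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in payloads:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(p), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        tcp = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 0x50, 0x18, 65535, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp + p
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed payloads: a minimal ClientHello record prefix and a plain HTTP request.
HELLO = bytes.fromhex("1603010005" "0100000100")
HTTP = b"GET / HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    print(count_client_hellos(make_pcap([HTTP, HELLO])))
```

To check a real file, pass its bytes: `count_client_hellos(open("test.pcap", "rb").read())`. A result of 0 means no segment in the file begins with a ClientHello under the framing assumptions above.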