Joy not reporting TLS session metadata for a large chunk of traffic

cisco / joy

A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.

Other

1.31k stars 329 forks source link

Joy not reporting TLS session metadata for a large chunk of traffic #282

Closed randomsecguy closed 5 years ago

randomsecguy commented 5 years ago

Hi,

I ran joy (version 2.1-dev) with a big dataset of traffic consisting of pcaps using the following: ./joy bidir=1 tls=1 output=sample.json 1.pcap 2.pcap .....

In the majority of json output files, joy does not report TLS session metadata and instead writes "error: no role". I have manually checked the pcap files and the TLS handshake information is actually there for the flows as it should be. Am I doing something wrong ? Thank you

brilong commented 5 years ago

Many bugs have been fixed since Joy 2.1. We are now on version 4.5.0. Please upgrade your version of Joy and try again. Thanks.

randomsecguy commented 5 years ago

Yeah that was it. All is ok now. Please move this to closed or delete.