An implementation of the JA3 TLS client fingerprinting algorithm for wireshark/tshark.
apt install lua-md5
In Wireshark, for TLS or SSL packets, this plugin will display additional information. JA3 information in form of full info and MD5-hash for client handshake packets. JA3S information will be displayed for server hello packets.
wget https://raw.githubusercontent.com/fullylegit/ja3/master/ja3.lua
wget https://raw.githubusercontent.com/kikito/md5.lua/master/md5.lua
cp -r ja3.lua md5.lua /usr/lib/x86_64-linux-gnu/wireshark/plugins
wireshark==>analyzer==>reolad lua plugins==>filter tls