We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is JA4 algorithm supposed to work with DTLS traffic too? I am asking beacsue:
AFAIK, it should work out out of the box, with only some minor changes to handle the DTLS version numbers
The text was updated successfully, but these errors were encountered:
Great call out! DTLS sends a normal TLS client hello packet over UDP so this is very easy to fingerprint with JA4.
I've added DTLS support to the JA4 spec here: https://github.com/FoxIO-LLC/ja4/blob/main/technical_details/JA4.md
We'll start working on updating all the packages to add said support.
This update has no impact to existing JA4 fingerprints - it only adds support for DTLS.
Sorry, something went wrong.
@IvanNardi JA4 DTLS support has been added to Zeek, Wireshark, and is coming to Arkime soon.
john-althouse
No branches or pull requests
Is JA4 algorithm supposed to work with DTLS traffic too?
I am asking beacsue:
AFAIK, it should work out out of the box, with only some minor changes to handle the DTLS version numbers
The text was updated successfully, but these errors were encountered: