App-layer probing miss some connections #49
Labels
bug
Something isn't working
Comments
thearossman
changed the title
thearossman
added
bug
thearossman
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From experiments filtering out TLS in Retina, we observed that the parser misses some TLS traffic:
It appears to miss most TLS traffic for version != 1.3. Over a few iterations, we saw no TLSv1.2 captured when filtering for tls and a fair amount of TLSv1.2 when filtering out TLS. Similar for SSLv2 and TLSv1, which would also be nice to support.
I observed similar issues a couple of times for HTTP and relatively consistently for DNS.
All of this needs more investigation, but the issue is reproducible on live traffic. (We haven't been able to find a pcap that reproduces.)
The text was updated successfully, but these errors were encountered: