Bug #2393

One way TLS traffic not properly identified

Added by Austin Taylor over 6 years ago. Updated 5 months ago.

Status: Closed
Priority: Normal

Description

Suricata does not properly identify TLS traffic that only has one-way communication. Bro seems to properly identify the traffic and extract the TLS fields, but Suricata does not. I've tried using both netflow and flow, but both were unsuccessful in identifying the attached PCAP as TLS.


Files

ssl_not_identified_by_suricata.pcap (4.13 KB): PCAP not identified as SSL by Suricata. Austin Taylor, 01/03/2018 08:54 AM
ssl_identified_by_bro_not_suricata.png (160 KB): Bro SSL identification. Austin Taylor, 01/03/2018 08:54 AM

Related issues 1 (1 open, 0 closed)

Related to Suricata - Task #2278: tracking: failing better - New - OISF Dev
