-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regarding warning Unknown crypto suite from ClientMasterKey #4248
Comments
Please provide a pcap and the code you're using to sniff. |
See the following I've raised the warning for UnknownCipherSuite as an error, and have been logging them in my packet captures. In comparison to the packet captures in Wireshark. Application Data is being read as SSLv2ClientMasterkey. |
Just a note the first two captures in the log file are in the pcap. To save longevity of analysis. Only meant to do two to save having to analyze a bunch of packets. |
Information regarding the SSLv2 header if your interested. |
Brief description
Segmented packets are read in and misinterpreted as SSLv2 handshakes.
Packets are often segmented TLS application Data packets when compared to Wireshark.
Scapy version
2.5.0
Python version
3.12.1
Operating system
Windows 11
Additional environment information
Develop a class in the SSLv2 handshake that recognizes and ignores segmented packets.
How to reproduce
sniff TLS packets and segmented TLS packets get misinterpreted as SSLv2_handshakes.
Actual result
No response
Expected result
No response
Related resources
No response
The text was updated successfully, but these errors were encountered: