Regarding warning Unknown crypto suite from ClientMasterKey #4248
Comments
|
Please provide a pcap and the code you're using to sniff. |
|
See the following I've raised the warning for UnknownCipherSuite as an error, and have been logging them in my packet captures. In comparison to the packet captures in Wireshark. Application Data is being read as SSLv2ClientMasterkey. |
|
Just a note the first two captures in the log file are in the pcap. To save longevity of analysis. Only meant to do two to save having to analyze a bunch of packets. |
|
Information regarding the SSLv2 header if your interested. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Brief description
Segmented packets are read in and misinterpreted as SSLv2 handshakes.
Packets are often segmented TLS application Data packets when compared to Wireshark.
Scapy version
2.5.0
Python version
3.12.1
Operating system
Windows 11
Additional environment information
Develop a class in the SSLv2 handshake that recognizes and ignores segmented packets.
How to reproduce
sniff TLS packets and segmented TLS packets get misinterpreted as SSLv2_handshakes.
Actual result
No response
Expected result
No response
Related resources
No response
The text was updated successfully, but these errors were encountered: