I was trying to sniff the SNI data from an IoT device to see what it was connecting to, and realized that sniffglue was missing a lot of connections that tshark does not. Even running sniffglue with -vvvv doesn't suffice (although it will print the raw packets).
Example commands:
tshark -i enp1s0 -O tls -Y "tls.handshake.extensions_server_name"
sniffglue -j enp1s0 -vvvv
Is reassembling TCP segments considered too far out of scope for this project?
I can provide a sample pcap if needed / helpful, though I'll have to take the time to anonymize it.
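
An added illustration, not part of the original report and not sniffglue's code: when a ClientHello is larger than one TCP segment, a parser that looks at each packet on its own finds no SNI, while parsing the reassembled stream recovers it. The host name, sequence numbers and 1448-byte split are constructed sample values, and that segmentation is the cause in the reporter's capture is an assumption.

```python
import struct

def build_client_hello(host, pad=0):
    """Constructed sample: one TLS record with a ClientHello carrying SNI plus padding."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    exts += struct.pack("!HH", 21, pad) + bytes(pad)      # padding extension (type 21)
    body = (b"\x03\x03" + bytes(32) + b"\x00"             # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"           # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_sni(data):
    """Return the SNI host name, or None unless data holds one complete ClientHello record."""
    try:
        rec_len = struct.unpack("!H", data[3:5])[0]
        if data[0] != 0x16 or data[5] != 0x01 or len(data) < 5 + rec_len:
            return None                  # not a ClientHello, or it continues in a later segment
        p = 9 + 2 + 32                   # skip record/handshake headers, version, random
        p += 1 + data[p]                 # session id
        p += 2 + struct.unpack("!H", data[p:p + 2])[0]    # cipher suites
        p += 1 + data[p]                 # compression methods
        end = p + 2 + struct.unpack("!H", data[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            if etype == 0:               # server_name extension
                nlen = struct.unpack("!H", data[p + 7:p + 9])[0]
                return data[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except (IndexError, struct.error):   # truncated or malformed input
        return None

def reassemble(segments):
    """Join (seq, payload) pairs of one direction in order (no sequence wraparound handling)."""
    out, nxt = b"", None
    for seq, payload in sorted(segments):
        nxt = seq if nxt is None else nxt
        if seq > nxt:
            break                        # gap: a segment is missing from the capture
        out += payload[nxt - seq:]       # drop bytes already seen (retransmission)
        nxt = max(nxt, seq + len(payload))
    return out

record = build_client_hello("device.example.test", pad=1600)
segments = [(2448, record[1448:]), (1000, record[:1448])]   # split at 1448 bytes, out of order
per_packet = [parse_sni(payload) for _, payload in segments]
print(per_packet, parse_sni(reassemble(segments)))
```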