Quick Labs
Focused tutorials on each JA4+ fingerprint type. Each lab includes theory, Wireshark examples, and tshark commands for hands-on practice.
15 minBeginner
JA4 - TLS Client Fingerprinting
Learn the JA4 TLS client fingerprint format: protocol, version, cipher suites, extensions, and ALPN in the a_b_c structure.
ClientHello parsinga_b_c formatCipher suite orderingExtension analysis
15 minBeginner
JA4S - TLS Server Fingerprinting
Fingerprint TLS server responses by analyzing ServerHello messages, selected cipher suites, and extensions.
ServerHello analysisCipher selectionExtension orderingServer identification
20 minBeginner
JA4H - HTTP Client Fingerprinting
Identify HTTP clients through header field analysis, ordering patterns, and cookie behavior.
Header orderingAccept-LanguageCookie fingerprintingBrowser detection
20 minIntermediate
JA4T - TCP Client Fingerprinting
Analyze TCP SYN packets to fingerprint client operating systems using window size, options, and MSS.
TCP window sizeMSS analysisTCP optionsOS identification
15 minIntermediate
JA4TS - TCP Server Fingerprinting
Fingerprint servers by analyzing TCP SYN-ACK response characteristics and behavior.
SYN-ACK analysisServer OS detectionWindow scalingResponse patterns
25 minAdvanced
JA4TScan - TCP Scan Detection
Detect network scanners like Nmap and Masscan through passive TCP fingerprinting of scan traffic.
Scanner detectionNmap fingerprintsMasscan signaturesScan classification
20 minIntermediate
JA4SSH - SSH Traffic Analysis
Classify SSH sessions by analyzing packet length patterns to detect interactive, SCP, and tunnel activity.
SSH packet analysisSession classificationTunnel detectionSCP vs interactive
10 minBeginner
Wireshark JA4 Plugin
Install the official JA4+ Wireshark plugin and use display filters for live fingerprint analysis.
Plugin installationDisplay filtersColumn setupLive analysis