Chris John Riley 
From p0f to JA4+: Network Fingerprinting and Reconnaissance
Interesting presentation by @vlad_iliushin on passive TLS network-level fingerprinting tools (e.g. JA3/JA4) and their pros/cons. H/T to p0f 🤣
MuonFP — lightweight TCP passive network fingerprinting tool. #FIRSTCON25
Fingerprints that don't include any options — e.g. 65535 : : : or 1024 : : : — are large-scale scanning tools as they don't send options in order to speed up scans and they don't expect a full connection to form (therefore don't need to form the packet fully).
