fq/format/tls/testdata/ja3.fqtest

$ fq -L . 'include "ja3"; pcap_ja3' testtls.com.http1.1-tls1.2.pcap
[
  {
    "client_ip": "192.168.1.230",
    "client_port": 61925,
    "ja3": "771,49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-16-22-23-13,29-23-30-25-24,0-1-2",
    "ja3_digest": "87b9bfc7da97115ed2276737b09f8d74",
    "server_ip": "116.203.76.237",
    "server_port": 443
  }
]