THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 5
magesh's avatar
1
magesh
updated 2019-12-25 07:03:15 +0000

[ws 3.2.0] quic handshake is decrypted but subsequent packets are not

I'm trying to get an understanding of the QUIC protocol using wireshark (and other material from various sources).

Steps that I followed:

  1. captured (using tshark) QUIC traffic between a local client server (generated using mozilla/neqo, with SSLKEYLOGFILE env to store traffic secrets).
  2. set the captured traffic secrets path in wireshark preferences (Protocols -> TLS [(Pre)-Master-Secret log filename])
  3. open the pcap file

Expected:

  1. decrypted payloads for QUIC handshakes
  2. decrypted payloads for subsequent QUIC packets

Observed:

  1. [PASS] decrypted payloads for QUIC handshakes
  2. [FAIL] decrypted payloads for subsequent QUIC packets

Are there any additional steps that I need to follow to decrypt all QUIC packets?

screenshot showing the issue: wireshark-quic-screenshot

Revision 4
magesh's avatar
1
magesh
updated 2019-12-25 07:01:39 +0000

[ws 3.2.0] quic handshake is decrypted but subsequent packets are not

I'm trying to get an understanding of the QUIC quic protocol using wireshark (and other material from various sources).

Steps that I followed:

  1. captured (using tshark) QUIC quic traffic between a local client server (generated using mozilla/neqo, with SSLKEYLOGFILE env to store traffic secrets).
  2. set the captured traffic secrets path in wireshark preferences (Protocols -> TLS [(Pre)-Master-Secret log filename])
  3. open the pcap file

Expected:

  1. decrypted payloads for QUIC quic handshakes
  2. decrypted payloads for subsequent QUIC quic packets

Observed:

  1. [PASS] decrypted payloads for QUIC quic handshakes
  2. [FAIL] decrypted payloads for subsequent QUIC quic packets

Are there any additional steps that I need to follow to decrypt all QUIC quic packets?

screenshot showing the issue: wireshark-quic-screenshot

Revision 3
magesh's avatar
1
magesh
updated 2019-12-25 07:00:46 +0000

[ws 3.2.0] quic handshake is decrypted but subsequent packets are not

I'm trying to get an understanding of the quic protocol using wireshark (and other material from various sources).

Steps that I followed:

  1. captured (using tshark) quic traffic between a local client server (generated using mozilla/neqo, with SSLKEYLOGFILE env to store traffic secrets).
  2. set the captured traffic secrets path in wireshark preferences (Protocols -> TLS [(Pre)-Master-Secret log filename])
  3. open the pcap file

Expected:

  1. decrypted payloads for quic handshakes
  2. decrypted payloads for subsequent quic packets

Observed:

  1. [PASS] decrypted payloads for quic handshakes
  2. [FAIL] decrypted payloads for subsequent quic packets

Are Is there any additional steps that I need to follow to decrypt all quic packets?

screenshot showing the issue: wireshark-quic-screenshot

Revision 2
magesh's avatar
1
magesh
updated 2019-12-25 06:55:44 +0000

[ws 3.2.0] quic handshake is decrypted but subsequent packets are not

I'm trying to get an understanding of the quic protocol using wireshark (and other material from various sources).

Steps that I followed:

  1. captured (using tshark) quic traffic between a local client server (generated using mozilla/neqo, with SSLKEYLOGFILE env to store traffic secrets).
  2. set the captured traffic secrets path in wireshark preferences (Protocols -> TLS [(Pre)-Master-Secret log filename])
  3. open the pcap file

Expected:

  1. decrypted payloads for quic handshakes
  2. decrypted payloads for subsequent quic packets

Observed:

  1. [PASS] decrypted payloads for quic handshakes
  2. [FAIL] decrypted payloads for subsequent quic packets

Is there any additional steps that I need to follow to decrypt all quic packets?

screenshot showing the issue: wireshark-quic-screenshot

Revision 1
magesh's avatar
1
magesh
asked 2019-12-25 06:54:17 +0000

[ws 3.2.0] quic handshake is decrypted but subsequent packets are not

I'm trying to get an understanding of the quic protocol using wireshark (and other material from various sources).

Steps that I followed:

  1. captured (using tshark) quic traffic between a local client server (generated using mozilla/neqo, with SSLKEYLOGFILE env to store traffic secrets).
  2. set the captured traffic secrets path in wireshark preferences (Protocols -> TLS [(Pre)-Master-Secret log filename]
  3. open the pcap file

Expected:

  1. decrypted payloads for quic handshakes
  2. decrypted payloads for subsequent quic packets

Observed:

  1. [PASS] decrypted payloads for quic handshakes
  2. [FAIL] decrypted payloads for subsequent quic packets

Is there any additional steps that I need to follow to decrypt all quic packets?

screenshot showing the issue: wireshark-quic-screenshotwireshark-quic-screenshot