Hi, I'm trying to decrypt DTLS packet, also used some other PSK's, but it doesn't work at all. Do you have any references for decrypting DTLS packet with version 3.4.7? I'm telling that i'm using the latest version of Wireshark.
Here's a working scenario on a Linux box,
Start Wireshark, set DTLS preferences Pre-Shared Key to 0102030405060708090a0b0c0d0e0f, and start the capture on the loopback interface.
As a server run this in a Linux console
$ PSK=0102030405060708090a0b0c0d0e0f
$ openssl s_server -dtls -psk $PSK -cipher PSK-AES128-CBC-SHA -nocert -accept 23000
As a client run this in another Linux console
$ PSK=0102030405060708090a0b0c0d0e0f
$ openssl s_client -psk $PSK -dtls -connect 127.0.0.1:23000
Type something in the client console and press enter, it should show up on the server console, and in Wireshark the DTLS packets should show this same data in an Application Data packet.
@Jaap - yes, I tend to learn the hard way and it was useful to see that the startup is needed for decode.
Added it to the DTLS Wiki page
@won You asked about decrypting DTLS with Wireshark, and mentioned the use of PSK's. So I created a working example of creating such network traffic, capture and dissection of the DTLS packets and decryption of the payload.
This example uses the openssl command line program features to setup the server and client for the DTLS connection. It may be possible to do the same with other programs, this is just an example.
In the example the PSK is setup in an environment variable in the opened Bash-like shell. Other shell types may have different ways of setting environment variables. Copying the line after the '$' prompt should work fine.
Asked: 2021-08-09 05:40:02 +0000
Seen: 3,265 times
Last updated: Aug 09 '21
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
A PSK only works when using RSA ciphers, which are becoming less often used. Can you share a capture, or at least the output of the TLS debug log?
This is the part of captured file that I've done.(Not sure the image shows well.) (+ I don't know how to upload the image file.) I've checked to "Edit -> Preferences -> Protocol -> DTLS", but it requires PSK to decrypt.link text
An image of a capture doesn't really help, as noted above we need either the capture, or the TLS debug log (see the TLS dissector preferences).
Captures, logs, images etc. should be uploaded to an external public share and then a link to the item posted back here. Your image isn't publicly shared.