I'm trying to get an understanding of the QUIC protocol using Wireshark (and other material from various sources).
Steps that I followed:
- captured (using tshark) QUIC traffic between a local client and server (generated using mozilla/neqo, with the `SSLKEYLOGFILE` env to store traffic secrets).
- set the captured traffic secrets path in Wireshark preferences (`Protocols -> TLS [(Pre)-Master-Secret log filename]`)
- open the pcap file
Expected:
- decrypted payloads for QUIC handshakes
- decrypted payloads for subsequent QUIC packets
Observed:
- [PASS] decrypted payloads for QUIC handshakes
- [FAIL] decrypted payloads for subsequent QUIC packets
Are there any additional steps that I need to follow to decrypt all QUIC packets?
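
A check that can be run on the key log file from the steps above, as an added example that is not part of the original post: it parses the NSS key log format written via `SSLKEYLOGFILE` and reports, per connection, whether the handshake secrets and the 1-RTT (application data) secrets are both present. The sample input and the names `parse_keylog` and `coverage` are constructed for illustration.

```python
from collections import defaultdict

# TLS 1.3 labels in the NSS key log format that QUIC decryption relies on.
HANDSHAKE = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET"}
ONE_RTT = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}

def parse_keylog(text):
    """Return {client_random_hex: {label: secret_hex}} from key log text."""
    conns = defaultdict(dict)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no secrets
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(parts)}")
        label, client_random, secret = parts
        bytes.fromhex(client_random)  # raises ValueError on non-hex input
        bytes.fromhex(secret)
        conns[client_random.lower()][label] = secret.lower()
    return dict(conns)

def coverage(conns):
    """Per connection, list the labels missing for each packet protection level."""
    return {
        cr: {
            "handshake_missing": sorted(HANDSHAKE - set(labels)),
            "one_rtt_missing": sorted(ONE_RTT - set(labels)),
        }
        for cr, labels in conns.items()
    }

# Constructed sample, not from a real capture: connection B has no 1-RTT secrets.
CR_A, CR_B = "11" * 32, "22" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {CR_A} {'a1' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {CR_A} {'a2' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {CR_A} {'a3' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {CR_A} {'a4' * 32}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {CR_B} {'b1' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {CR_B} {'b2' * 32}",
])

if __name__ == "__main__":
    for cr, missing in coverage(parse_keylog(SAMPLE)).items():
        print(cr[:16], missing)
```

A connection whose `one_rtt_missing` list is non-empty has a key log that can only cover Handshake packets; the client random printed here is the one carried in that connection's ClientHello.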