[ws 3.2.0] quic handshake is decrypted but subsequent packets are not

I'm trying to get an understanding of the QUIC protocol using Wireshark (and other material from various sources).

Steps that I followed:

  1. captured (using tshark) QUIC traffic between a local client and server (generated using mozilla/neqo, with SSLKEYLOGFILE env to store traffic secrets).
  2. set the captured traffic secrets path in Wireshark preferences (Protocols -> TLS [(Pre)-Master-Secret log filename])
  3. open the pcap file

Expected:

  1. decrypted payloads for QUIC handshakes
  2. decrypted payloads for subsequent QUIC packets

Observed:

  1. [PASS] decrypted payloads for QUIC handshakes
  2. [FAIL] decrypted payloads for subsequent QUIC packets

Are there any additional steps that I need to follow to decrypt all QUIC packets?

Screenshot showing the issue: wireshark-quic-screenshot
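One thing to rule out for the symptom above, added here as an example and not part of the original post: QUIC Handshake packets and 1-RTT packets are protected with keys derived from different TLS 1.3 secrets, so the SSLKEYLOGFILE must contain both sets of labels for the same client random. The sample key log is constructed, and the function names are hypothetical.

```python
import re

# TLS 1.3 labels in the NSS key log format, grouped by the QUIC packet type
# whose keys are derived from them.
NEEDED = {
    "Handshake": ("CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET"),
    "1-RTT": ("CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"),
}
# <label> <client random, 32 bytes hex> <secret, whole bytes in hex>
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")


def parse_keylog(text):
    """Return ({client_random: {label, ...}}, [numbers of malformed lines])."""
    sessions, malformed = {}, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE.match(line)
        if match is None:
            malformed.append(number)  # e.g. a line cut off mid-write
            continue
        label, client_random, _secret = match.groups()
        sessions.setdefault(client_random.lower(), set()).add(label)
    return sessions, malformed


def missing_secrets(labels):
    """Map each packet type to the labels the key log lacks for it."""
    return {ptype: [name for name in wanted if name not in labels]
            for ptype, wanted in NEEDED.items()}


# Constructed sample: session A is complete, session B has handshake secrets
# only, and the last line is truncated.
A, B, S = "aa" * 32, "bb" * 32, "11" * 32
SAMPLE = "\n".join([
    "# constructed key log, not from the original post",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {A} {S}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {A} {S}",
    f"CLIENT_TRAFFIC_SECRET_0 {A} {S}",
    f"SERVER_TRAFFIC_SECRET_0 {A} {S}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {B} {S}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {B} {S}",
    f"CLIENT_TRAFFIC_SECRET_0 {B} {S[:9]}",
])

if __name__ == "__main__":
    sessions, malformed = parse_keylog(SAMPLE)
    for client_random, labels in sessions.items():
        print(client_random[:16], missing_secrets(labels))
    print("malformed lines:", malformed)
```

A session that reports missing 1-RTT labels would account for handshake-only decryption; if nothing is missing for the captured connection, the key log is not the limiting factor.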
