DTLS decryption and UDP streams

Hello everyone

I'm currently trying to dissect WebRTC packets encrypted with DTLS. I'm using the SSLKEYLOGFILE env variable method for decryption (so the pre-master secret gets dumped, and I then feed this file to Wireshark).

My problem is the following: not all packets are getting decrypted. Upon further inspection, I found out this could have to do with the way Wireshark follows the streams.

At some point in the communication, there is a change which causes some of the messages to start using a different dst port for UDP. Wireshark then thinks of these messages as belonging to a UDP stream that begins with the STUN message that caused this port change, as opposed to with the handshake. My guess is that, since the master secret is computed using the pre-master secret and the client and server randoms, Wireshark stops being able to decrypt these messages, as it can no longer track them back to the original handshake.

My question is, is there any way for me to tell Wireshark that these messages also originate from the same handshake? I'm not sure I can fix the change of port, since that happens in code I don't have ownership of.

Wanted to share images of the streams, but I don't have enough points xD (sorry)
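
The dependency described in the question, as an added example that is not part of the original post and not Wireshark's code: a toy model in which handshake randoms are stored per UDP 4-tuple and keys come from the TLS 1.2 PRF (RFC 5246), which DTLS 1.2 reuses. Assumptions: a SHA-256 PRF suite, no extended master secret, a 40-byte key block (AES-128-GCM), constructed addresses and secrets, and a hypothetical `link` method standing in for the association the question asks about.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_hash with HMAC-SHA256, the TLS 1.2 PRF core (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pre_master, client_random, server_random):
    # PRF(pre_master, "master secret", client_random + server_random), 48 bytes
    return p_sha256(pre_master, b"master secret" + client_random + server_random, 48)

def key_block(master, client_random, server_random, length=40):
    # Key expansion seeds with server_random first, then client_random.
    return p_sha256(master, b"key expansion" + server_random + client_random, length)

class Decryptor:
    """Toy model: handshake state is stored per UDP stream (4-tuple)."""
    def __init__(self, pre_master):
        self.pre_master = pre_master
        self.randoms = {}  # stream -> (client_random, server_random)
        self.alias = {}    # stream -> stream that carried the handshake

    def saw_handshake(self, stream, client_random, server_random):
        self.randoms[stream] = (client_random, server_random)

    def link(self, stream, handshake_stream):  # hypothetical association
        self.alias[stream] = handshake_stream

    def keys_for(self, stream):
        state = self.randoms.get(self.alias.get(stream, stream))
        if state is None:
            return None  # no handshake known for this stream: nothing to derive
        return key_block(master_secret(self.pre_master, *state), *state)

# Constructed sample data (not taken from a real capture).
HANDSHAKE = ("10.0.0.2", 50000, "203.0.113.5", 3478)
AFTER_PORT_CHANGE = ("10.0.0.2", 50000, "203.0.113.5", 49170)
CLIENT_RANDOM, SERVER_RANDOM = bytes(range(32)), bytes(range(32, 64))
PRE_MASTER = b"\x01" * 48

def demo():
    d = Decryptor(PRE_MASTER)
    d.saw_handshake(HANDSHAKE, CLIENT_RANDOM, SERVER_RANDOM)
    before = d.keys_for(AFTER_PORT_CHANGE)  # new dst port, no handshake state
    d.link(AFTER_PORT_CHANGE, HANDSHAKE)
    return before, d.keys_for(AFTER_PORT_CHANGE), d.keys_for(HANDSHAKE)
```
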