Wireshark · Wireshark-users: [Wireshark-users] [re-post of my Q on ask.wireshark.org] [ws 3.2.0] QUIC handshake is decrypted but

Wireshark-users: [Wireshark-users] [re-post of my Q on ask.wireshark.org] [ws 3.2.0] QUIC handsha

From: Magesh Dhasayyan <mag.1984@xxxxxxxxx>

Date: Wed, 25 Dec 2019 13:43:48 +0530

Hi,

I'm trying to get an understanding of the QUIC protocol using wireshark (and other material from various sources).

Steps that I followed:
1. captured (using tshark) QUIC traffic between a local client server (generated using mozilla/neqo, with SSLKEYLOGFILE env to store traffic secrets).
2. set the captured traffic secrets path in wireshark preferences (Protocols -> TLS [(Pre)-Master-Secret log filename])
3. opened the pcap file

Expected:
1. decrypted payloads for QUIC handshakes
2. decrypted payloads for subsequent QUIC packets

Observed:
1. [PASS] decrypted payloads for QUIC handshakes
2. [FAIL] decrypted payloads for subsequent QUIC packets

Are there any additional steps that I need to follow to decrypt all QUIC packets?

screenshot showing the issue: https://ibb.co/ysgN5yW

Thanks,

Magesh

Prev by Date: Re: [Wireshark-users] [Wireshark-announce] Wireshark Release Schedule
Previous by thread: Re: [Wireshark-users] [Wireshark-announce] Wireshark Release Schedule
Index(es):
- Date
- Thread