Wireshark-users: [Wireshark-users] [re-post of my Q on ask.wireshark.org] [ws 3.2.0] QUIC handsha
Date Prev · Date Next · Thread Prev · Thread Next
From: Magesh Dhasayyan <[email protected]>
Date: Wed, 25 Dec 2019 13:43:48 +0530
Hi,

I'm trying to get an understanding of the QUIC protocol using wireshark (and other material from various sources).

Steps that I followed:
 1. captured (using tshark) QUIC traffic between a local client server (generated using mozilla/neqo, with SSLKEYLOGFILE env to store traffic secrets).
 2. set the captured traffic secrets path in wireshark preferences (Protocols -> TLS [(Pre)-Master-Secret log filename])
 3. opened the pcap file

Expected:
 1. decrypted payloads for QUIC handshakes
 2. decrypted payloads for subsequent QUIC packets

Observed:
 1. [PASS] decrypted payloads for QUIC handshakes
 2. [FAIL] decrypted payloads for subsequent QUIC packets

Are there any additional steps that I need to follow to decrypt all QUIC packets?

screenshot showing the issue: https://ibb.co/ysgN5yW


Thanks,
Magesh