Re: [OpenSIPS-Users] Packet analysis using wireshark
Thank you. On Mon, 8 Apr 2024 at 15:44, Liviu Chircu wrote: > If you are not able to decode the WebRTC TLS connection in Wireshark, it's > possible you are dealing with a TLS 1.3 connection. > > In TLS 1.3, there is an extra "secrets" file which must be plugged into > Wireshark before it can decode the communication, which contains transient > data (per connection!). It is no longer sufficient to go to Edit -> > Preferences -> Protocols -> TLS / SSL -> *RSA keys list* and plug in your > private key. In that same dialog box, the field *(Pre)-Master-Secret log > filename* also becomes mandatory. > > Now, how to obtain the Master-Secret file? In Chrome/Firefox as well as > in cURL, you should find support for the *SSLKEYLOGFILE=* environment > variable. Just make sure to set this variable to the desired filepath > before running the WebRTC client and it *should* dump the secrets there. > Which will ultimately get picked up by Wireshark and the traffic will > decode. > > Good luck! :) > > Liviu Chircuwww.twitter.com/liviuchircu | www.opensips-solutions.com > OpenSIPS Summit 2024 Valencia, May 14-17 | www.opensips.org/events > > On 06.04.2024 17:39, Prathibha B wrote: > > I am unable to see the Voip calls in wireshark. For signaling opensips is > used. The calls are encrypted and it is webrtc communication. > > -- Regards, B.Prathibha ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Packet analysis using wireshark
If you are not able to decode the WebRTC TLS connection in Wireshark, it's possible you are dealing with a TLS 1.3 connection. In TLS 1.3, there is an extra "secrets" file which must be plugged into Wireshark before it can decode the communication, which contains transient data (per connection!). It is no longer sufficient to go to Edit -> Preferences -> Protocols -> TLS / SSL -> *RSA keys list* and plug in your private key. In that same dialog box, the field *(Pre)-Master-Secret log filename* also becomes mandatory. Now, how to obtain the Master-Secret file? In Chrome/Firefox as well as in cURL, you should find support for the *SSLKEYLOGFILE=* environment variable. Just make sure to set this variable to the desired filepath before running the WebRTC client and it /should/ dump the secrets there. Which will ultimately get picked up by Wireshark and the traffic will decode. Good luck! :) Liviu Chircu www.twitter.com/liviuchircu |www.opensips-solutions.com OpenSIPS Summit 2024 Valencia, May 14-17 |www.opensips.org/events On 06.04.2024 17:39, Prathibha B wrote: I am unable to see the Voip calls in wireshark. For signaling opensips is used. The calls are encrypted and it is webrtc communication.___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Packet analysis using wireshark
This is known as "working as intended". > On Apr 6, 2024, at 10:39 AM, Prathibha B wrote: > > I am unable to see the Voip calls in wireshark. For signaling opensips is > used. The calls are encrypted and it is webrtc communication. > > Sent from Outlook for Android > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com Tel: +1-706-510-6800 ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
