[OpenSIPS-Users] Packet analysis using wireshark
Liviu Chircu
liviu at opensips.org
Mon Apr 8 10:14:42 UTC 2024
If you are not able to decode the WebRTC TLS connection in Wireshark,
it's possible you are dealing with a TLS 1.3 connection.
In TLS 1.3, there is an extra "secrets" file which must be plugged into
Wireshark before it can decode the communication, which contains
transient data (per connection!). It is no longer sufficient to go to
Edit -> Preferences -> Protocols -> TLS / SSL -> *RSA keys list* and
plug in your private key. In that same dialog box, the field
*(Pre)-Master-Secret log filename* also becomes mandatory.
Now, how to obtain the Master-Secret file? In Chrome/Firefox as well as
in cURL, you should find support for the *SSLKEYLOGFILE=* environment
variable. Just make sure to set this variable to the desired filepath
before running the WebRTC client and it /should/ dump the secrets
there. Which will ultimately get picked up by Wireshark and the traffic
will decode.
Good luck! :)
Liviu Chircu
www.twitter.com/liviuchircu |www.opensips-solutions.com
OpenSIPS Summit 2024 Valencia, May 14-17 |www.opensips.org/events
On 06.04.2024 17:39, Prathibha B wrote:
> I am unable to see the Voip calls in wireshark. For signaling opensips
> is used. The calls are encrypted and it is webrtc communication.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20240408/c5549d27/attachment.html>
More information about the Users
mailing list