Decrypting TLS, HTTP/2 and QUIC with Wireshark

This is a very educative piece. Brilliant conversation and enlightening. Thanks Dave and Chris

One complication I've run into is tracing the QUIC back to STUN and TCP. I've created various profiles to help me visualize the UDP Stream, then to the QUIC and STUN IDs. Also, I've been doing performance analysis using TCP with encrypted payloads for a good while now...TCP behavior analysis provides as gold mind of practical performance data show which direction latency is coming from, TCP deadlocks, etc. TCP Illustrate is one of the best, if not the TCP learning narratives. Great Video!

Thank you for the calm and relaxed way you manage to convey content without any form of sensation seeking or unnecessary shouting like many other youtubers do.

Thing to remember that QUIC was needed because the TCP and UDP protocols cannot be upgraded because the internet connections are full of hardware called middle boxes that can't get firmware upgrades. To provide a better protocol, QUIC was built on top of UDP to give the benefits of TCP without too many of the overheads of TCP.

I feel it's important to convey information of this level of sensitivity in a calm way so that the information finds its way to the brain and remains there. You guys have done justice to the topic and the manner of rendering. Thank you, a lot.

#David & #Chris, You both are brilliant human beings. You create videos with higher honesty so that people can learn and earn and you guys never keep any suspense for the viewers. I have observed, that you always ask the correct question even if the guests try to divert from the main topic. Wonderful work for the community. You deserve a lot of blessings. You can understand how much satisfaction I have watching your series.

I remember my teacher in college trying to tell me that HTTPS was secure in 2012. It was not secure in 2012, he tried to make me look like an idiot even though I showed him proof. Thanks for the video David and Chris!

I would like to see a video on how to identify the dodge stuff happening. They way Chris explained on how can we go ahead and find it out that’s interesting. Please make that content as soon as possible

This's so thoughtful of you guys... Delivering such a tutorial you have provided a lot of information in a simplified way. Thank you so much #David & #Chris for that

Thank you so much for this! This helps me a lot in my CS-degree. My lectures often just name drop all of this protocols and jargon, but don’t really go over them I practice - so these vids are really helpful to give my curriculum some context. Keep up the good and important work guys!

Thank you David and Chris for this! I'm still learning a lot of cyber and networking, and you guys are helping A LOT!

Amazing teachers. I am so blessed I'm learning all this for free and at the highest quality. Thank you gentlemen.

Learn how to decrypt TLS, HTTP/2 and QUIC using Wireshark.
// MENU //
0:00 ▶ Introduction
1:25 ▶ What is HTTPS vs HTTP2 vs QUIC
6:30 ▶ What is QUIC
9:42 ▶ How long have we been using QUIC
10:12 ▶ Technical tour of QUIC
14:18 ▶ Why use QUIC instead of TCP
17:48 ▶ QUIC negotiation and support
19:04 ▶ Steps to decrypt TLS
20:04 ▶ Is Wireshark useless without the decryption keys
22:16 ▶ MITM
23:47 ▶ Advice on how do I learn Wireshark
25:40 ▶ TCP/IP Illustrated book
25:54 ▶ Rather focus on learning protocols instead of Wireshark
26:35 ▶ Next video ideas
// LINKS //
PCAP file: davidbombal.wiki/ssldecryptionpcap
Previous video: th-cam.com/video/GMNOT1aZmD8/w-d-xo.html
How to Decrypt SSL with Wireshark - HTTPS Decryption Guide: davidbombal.wiki/sslwireshark
Man in the middle Python script: th-cam.com/video/O1jpck31Ask/w-d-xo.html
Chris shows TLS decryption: th-cam.com/video/5qecyZHL-GU/w-d-xo.html
Chris Intro to Wireshark: th-cam.com/video/OU-A2EmVrKQ/w-d-xo.html
// MY STUFF //
www.amazon.com/shop/davidbombal
// SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
TH-cam: th-cam.com/users/davidbombal
//CHRIS GREER //
Udemy course: davidbombal.wiki/chriswireshark
LinkedIn: www.linkedin.com/in/cgreer/
TH-cam: th-cam.com/users/ChrisGreer
Twitter: twitter.com/packetpioneer
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Great stuff! Thanks a lot David & Chris for sharing the knowledge. Your channel really helping with my studies. Bless 🙏

Both the gurus I follow 🙌 Chris you and Lisa Bock have really helped my journey with Wireshark. David of course you are genius - has helped me step up GNS3 labs and helped me with NETMIKO Automation!! Thank you guys for revolutionizing Network Industry!! We definitely need people like you to ease the pain points in Networking.

I was just looking for this topic a while ago! Thanks for delivering sir!

I love the detail that these videos are going into. Keep it up!

Just brilliant! Concise and precise information. Thanks to you two.

This is brilliant, thanks a lot David & Chris!.

Packets are so cool man! I was so hyped watching this video and seeing how all of this data is around us. Thanks for helping me understand this information

Thanks David and chris for this precious session. I know now what a QUIC is.

watching and learning everyday from this channel. Thank you so much David and Chris
love from Sierra Leone

Thanks so much, David and Chris for the wonderful information delivered

Thank you David and Chris for this video. Looking forward for the next video.

I was waiting for this part! Thank you!

Awesome videos with Chris! Keep up the good work.

Love you guys keep up the good work, hope more videos coming from you guys together.

03:45 Thanks David for adding this addon (within the main session). Otherwise, it creates confusion that, on one side, Chris mentioned that everything is happening on one TCP session and, on the other side, Chris mentioned "You can think of each stream as an individual TCP connection." So, basically everything is happening on the main TCP connection but due to advance functionality of the HTTP 2.0, multiple streams are working as on separate TCP connection for better functionality and better user experience.

Thank you, sir bombal, for your passionate tutorials!

Another smash hit from the David and Chris Show! Just what the doctor ordered and there's even a part 3 on the horizon - boy are we in for a treat... I wonder what's in store for Christmas 😀🥳🌲

Hii, David, I am a new subscriber. I am sad that I didn't find your channel before. I bought multiple of your course at a discount. I am excited to put in the time and hours during this winter. I was hoping to see a roadmap for 2022.

Excellent series. Absolutely loving it!

Very informative! Thank you! Your channel is amazing!

hi Mr Bombal it's such good opportunity that chris is here and so we can get the advantage to learn from both of you guys God bless u both thx

Very informative. Keep making this kinda networking and cyber security videos.

Building the filters and pointing out the weird stuffs from the packets would be fun 😊.. Thank you so much

I really enjoy this duo.

Very good video!
Actually entertaining and learnt a lot
I'm actually really happy I saw this

this is interesting, learned a lot . thanks both of you.

Thank you very much for making it simple and easy to comprehend how to use wireshark 🎉

Thank you David and Chris…So nice explanation…..❤️

Thanks David and Chris! Please also do some MITM stuff.

Another outstanding video!

Hey David you make nice and understandable videos keep them coming :)

Deeply in love with your channel and courses in udemy too.

Thank you Chris, Thank you David!!! Amazing!!!

Very interessting topic.... thanks for new Updates 🇩🇪

Thanks David for all your great contents and courses, love them.

very great questioning and explanation

great, waiting for more 👏👏👏

Thank you very much for this detailed explanation I appreciate it

This guy Chris, the dude has knowledge they don't kick in college :-) A1 content Dave & Chris

It's so good sir... Looking forward for more contents with David and Chris sir...😃😃

really super and good information about QUIC, thanks david

Super cool video!!

Brilliant stuff!

Very informative, thank you!

Chris and David Bravo! Just so calm explaining with ease. Thank you so much for this video(s). VERY HELPFUL. @Chris;where can I get that T-Shirt?

Great stuff!

you guys rock! thanks for the tips

Looking forward to the next installment, which is specifically of interest to me since i have a bit of a cyber stalking issue.

Brilliant content!

awesome content dave

Thanks for your job !

Excellent content. Very informative.

You are the best teacher. Lots of love to U David❤️❤️❤️❤️

You are worth millions respect 🙏

What an amazing talk.

wow its is so helpfull, thanks u david keep going the good work.

great video ❤

Really informative one. Thank you

What a crossover 👏 ❤

Really awesome information , Thanks you both sir

Hello, was wondering if the decryption could be done using a MITM, for instance the MITM proxy...Would be great to see that happening perhaps in ur next video with Chris!!!!

Awesome content!

More of this please 🥰

Love You Sir❤
From India in Kerala......🎉

EXCELLENT!!! 10/10

Excelent points

I've been following QUIC for many moons now, as soon as I had the chance to switch over i did. The speed of UDP with TLS 1.3 is far superior. Doing huge data dumps is so much faster and it's much more reliable and secure.

I thought multi-path TCP would be the evolution on transport layer, now I am skeptical.
Edit: OH! Now I did a litle google search, and came across Multi-Path QUIC. My head just exploted !!

Love this content David and Chris! I'm doing a project for my DFIR Class and we are using wireshark to analyze the packets thanks for this helps to understand more.

Awesome!

cool as always

I would really appreciate it guys if you could illustrate how can we use wireshark to analyze WhatsApp web packages and be able to identify the location of the sender, that's for the 1st Qs
2nd question is : how hackers can use our ip address and specify which websites we have registered to using our email and pswd, i've heard that in a video but they didn't show what tool they use to get the websites we sign up to using the ip address
I want to whether or not this is true
And thank you for such quality content, really helps

This video deserves more views

i understood,thank you

@Chris, Thanks mate

Againg a usefull video, since old days called Ethereal, Wireshark is a swiss army 💪

Not to mention this will make it more difficult to do port scanning.. Especially, if the firewall filters ICMP responses. For example, if I'm running an API over QUIC using port 34000 for an IoT device and my IoT software firewall filters port unreachable ICMP that port will look the same as any other... You'd have to craft a QUIC initial packet and assume it's QUIC for each port or simply MITM the device. With TCP all ports that are open must respond to a SYN.

Awesome content. Chris is an amazing guy. I would love to see a man in the middle attack. More difficult = More valuable 😍. Thank you

THANK YOU SO MUCH

Hi all, this was a great session. I'm blown away. Question though, doesn't QUIC inhibits security appliances from detecting or scanning the user's traffic, for example, a user at the corporate website visited a website that was prohibited, if QUIC was used to open the session to access the website, the security appliance would not be able to block the website, is that correct?

BEST ON TH-cam

this seems much better

Isn’t IPSEC considered a different transport protocol than TCP & UDP? Since it has its own IP protocol number (ESP 50 and AH 51) or are these being used less frequently? I know AH breaks with NAT so isn’t used that often except gateway to gateway tunnels.

If I recall right there is an inner layer of TLS in QUIC can you show us how to decrypt that one?

Does QUIC have any packet format or does it uses UDP's one coz I remembered in UDP there is no part like destination id but needed some clarifications here
Thanks😊

THANK YOU , THANK YOU , THANK YOU, if I keep saying thank you wont be enough , the information shared here is enough to pass and impress an employer , really thank you David , ad Chris . I know I wont use these info daily as I am a network engineer but the knowledge is worthy . May God bless you all.

Nice 😎