Hi,
For my thesis, I would like to use the tool you have developed, "pcap2qlog", to analyze QUIC communications with qvis. However, I have a problem: when I generate the final.qlog file from a pcap, the command gives me this output:
"qlog_version": "draft-01",
"description": "",
"traces": [
{
"error_description": "Error: ParserPCAP: no tls info known for the first QUIC initial, not supported! Are you sure the trace decrypted? : [object Object], [{\"quic.frame_type\":\"0\",\"quic.padding_length\":\"916\"},{\"quic.frame_type\":\"6\",\"quic.crypto.offset\":\"0\",\"quic.crypto.length\":\"285\",\"quic.crypto.crypto_data\":\"\",\"tls\":{\"tls.handshake\":{\"tls.handshake.type\":\"1\",\"tls.handshake.length\":\"281\",\"tls.handshake.version\":\"0x0303\",\"tls.handshake.random\":\"b8:89:47:df:59:ca:0c:fa:e5:0f:8e:94:31:f9:6c:84:a3:df:81:03:c8:44:e4:b7:69:46:18:dd:e7:65:35:b2\",\"tls.handshake.session_id_length\":\"0\",\"tls.handshake.cipher_suites_length\":\"38\",\"tls.handshake.ciphersuites\":{\"tls.handshake.ciphersuite\":[\"0xc02b\",\"0xc02f\",\"0xc02c\",\"0xc030\",\"0xcca9\",\"0xcca8\",\"0xc009\",\"0xc013\",\"0xc00a\",\"0xc014\",\"0x009c\",\"0x009d\",\"0x002f\",\"0x0035\",\"0xc012\",\"0x000a\",\"0x1301\",\"0x1302\",\"0x1303\"]},\"tls.handshake.comp_methods_length\":\"1\",\"tls.handshake.comp_methods\":{\"tls.handshake.comp_method\":\"0\"},\"tls.handshake.extensions_length\":\"202\",\"Extension: status_request (len=5)\":{\"tls.handshake.extension.type\":\"5\",\"tls.handshake.extension.len\":\"5\",\"tls.handshake.extensions_status_request_type\":\"1\",\"tls.handshake.extensions_status_request_responder_ids_len\":\"0\",\"tls.handshake.extensions_status_request_exts_len\":\"0\"},\"Extension: supported_groups (len=10)\":{\"tls.handshake.extension.type\":\"10\",\"tls.handshake.extension.len\":\"10\",\"tls.handshake.extensions_supported_groups_length\":\"8\",\"tls.handshake.extensions_supported_groups\":{\"tls.handshake.extensions_supported_group\":[\"0x001d\",\"0x0017\",\"0x0018\",\"0x0019\"]}},\"Extension: ec_point_formats 
(len=2)\":{\"tls.handshake.extension.type\":\"11\",\"tls.handshake.extension.len\":\"2\",\"tls.handshake.extensions_ec_point_formats_length\":\"1\",\"tls.handshake.extensions_ec_point_formats\":{\"tls.handshake.extensions_ec_point_format\":\"0\"}},\"Extension: signature_algorithms (len=26)\":{\"tls.handshake.extension.type\":\"13\",\"tls.handshake.extension.len\":\"26\",\"tls.handshake.sig_hash_alg_len\":\"24\",\"tls.handshake.sig_hash_algs\":{\"tls.handshake.sig_hash_alg\":[\"0x0804\",\"0x0403\",\"0x0807\",\"0x0805\",\"0x0806\",\"0x0401\",\"0x0501\",\"0x0601\",\"0x0503\",\"0x0603\",\"0x0201\",\"0x0203\"],\"tls.handshake.sig_hash_alg_tree\":[{\"tls.handshake.sig_hash_hash\":\"8\",\"tls.handshake.sig_hash_sig\":\"4\"},{\"tls.handshake.sig_hash_hash\":\"4\",\"tls.handshake.sig_hash_sig\":\"3\"},{\"tls.handshake.sig_hash_hash\":\"8\",\"tls.handshake.sig_hash_sig\":\"7\"},{\"tls.handshake.sig_hash_hash\":\"8\",\"tls.handshake.sig_hash_sig\":\"5\"},{\"tls.handshake.sig_hash_hash\":\"8\",\"tls.handshake.sig_hash_sig\":\"6\"},{\"tls.handshake.sig_hash_hash\":\"4\",\"tls.handshake.sig_hash_sig\":\"1\"},{\"tls.handshake.sig_hash_hash\":\"5\",\"tls.handshake.sig_hash_sig\":\"1\"},{\"tls.handshake.sig_hash_hash\":\"6\",\"tls.handshake.sig_hash_sig\":\"1\"},{\"tls.handshake.sig_hash_hash\":\"5\",\"tls.handshake.sig_hash_sig\":\"3\"},{\"tls.handshake.sig_hash_hash\":\"6\",\"tls.handshake.sig_hash_sig\":\"3\"},{\"tls.handshake.sig_hash_hash\":\"2\",\"tls.handshake.sig_hash_sig\":\"1\"},{\"tls.handshake.sig_hash_hash\":\"2\",\"tls.handshake.sig_hash_sig\":\"3\"}]}},\"Extension: renegotiation_info (len=1)\":{\"tls.handshake.extension.type\":\"65281\",\"tls.handshake.extension.len\":\"1\",\"Renegotiation Info extension\":{\"tls.handshake.extensions_reneg_info_len\":\"0\"}},\"Extension: application_layer_protocol_negotiation 
(len=5)\":{\"tls.handshake.extension.type\":\"16\",\"tls.handshake.extension.len\":\"5\",\"tls.handshake.extensions_alpn_len\":\"3\",\"tls.handshake.extensions_alpn_list\":{\"tls.handshake.extensions_alpn_str_len\":\"2\",\"tls.handshake.extensions_alpn_str\":\"h3\"}},\"Extension: signed_certificate_timestamp (len=0)\":{\"tls.handshake.extension.type\":\"18\",\"tls.handshake.extension.len\":\"0\"},\"Extension: supported_versions (len=3)\":{\"tls.handshake.extension.type\":\"43\",\"tls.handshake.extension.len\":\"3\",\"tls.handshake.extensions.supported_versions_len\":\"2\",\"tls.handshake.extensions.supported_version\":\"0x0304\"},\"Extension: key_share (len=38)\":{\"tls.handshake.extension.type\":\"51\",\"tls.handshake.extension.len\":\"38\",\"Key Share extension\":{\"tls.handshake.extensions_key_share_client_length\":\"36\",\"Key Share Entry: Group: x25519, Key Exchange length: 32\":{\"tls.handshake.extensions_key_share_group\":\"29\",\"tls.handshake.extensions_key_share_key_exchange_length\":\"32\",\"tls.handshake.extensions_key_share_key_exchange\":\"7f:ec:63:67:eb:3e:53:cc:b5:e3:74:63:0a:ee:66:d1:f2:f8:a4:7c:be:e1:30:04:8f:20:b2:9d:55:a2:e4:01\"}}},\"Extension: quic_transport_parameters (len=72)\":{\"tls.handshake.extension.type\":\"57\",\"tls.handshake.extension.len\":\"72\",\"Parameter: GREASE (len=14)\":{\"tls.quic.parameter.type\":\"678\",\"tls.quic.parameter.length\":\"14\",\"tls.quic.parameter.value\":\"36:3b:af:2d:b3:39:1e:19:c8:5f:dc:ea:f1:fc\"},\"Parameter: initial_max_stream_data_bidi_local (len=4) 524288\":{\"tls.quic.parameter.type\":\"5\",\"tls.quic.parameter.length\":\"4\",\"tls.quic.parameter.value\":\"80:08:00:00\",\"tls.quic.parameter.initial_max_stream_data_bidi_local\":\"524288\"},\"Parameter: initial_max_stream_data_bidi_remote (len=4) 524288\":{\"tls.quic.parameter.type\":\"6\",\"tls.quic.parameter.length\":\"4\",\"tls.quic.parameter.value\":\"80:08:00:00\",\"tls.quic.parameter.initial_max_stream_data_bidi_remote\":\"524288\"},\"Parameter: 
initial_max_stream_data_uni (len=4) 524288\":{\"tls.quic.parameter.type\":\"7\",\"tls.quic.parameter.length\":\"4\",\"tls.quic.parameter.value\":\"80:08:00:00\",\"tls.quic.parameter.initial_max_stream_data_uni\":\"524288\"},\"Parameter: initial_max_data (len=4) 786432\":{\"tls.quic.parameter.type\":\"4\",\"tls.quic.parameter.length\":\"4\",\"tls.quic.parameter.value\":\"80:0c:00:00\",\"tls.quic.parameter.initial_max_data\":\"786432\"},\"Parameter: initial_max_streams_bidi (len=2) 100\":{\"tls.quic.parameter.type\":\"8\",\"tls.quic.parameter.length\":\"2\",\"tls.quic.parameter.value\":\"40:64\",\"tls.quic.parameter.initial_max_streams_bidi\":\"100\"},\"Parameter: initial_max_streams_uni (len=2) 100\":{\"tls.quic.parameter.type\":\"9\",\"tls.quic.parameter.length\":\"2\",\"tls.quic.parameter.value\":\"40:64\",\"tls.quic.parameter.initial_max_streams_uni\":\"100\"},\"Parameter: max_idle_timeout (len=4) 30000 ms\":{\"tls.quic.parameter.type\":\"1\",\"tls.quic.parameter.length\":\"4\",\"tls.quic.parameter.value\":\"80:00:75:30\",\"tls.quic.parameter.max_idle_timeout\":\"30000\"},\"Parameter: max_udp_payload_size (len=2) 1452\":{\"tls.quic.parameter.type\":\"3\",\"tls.quic.parameter.length\":\"2\",\"tls.quic.parameter.value\":\"45:ac\",\"tls.quic.parameter.max_udp_payload_size\":\"1452\"},\"Parameter: GREASE (len=1) 26\":{\"tls.quic.parameter.type\":\"11\",\"tls.quic.parameter.length\":\"1\",\"tls.quic.parameter.value\":\"1a\",\"tls.quic.parameter.max_ack_delay\":\"26\"},\"Parameter: disable_active_migration (len=0)\":{\"tls.quic.parameter.type\":\"12\",\"tls.quic.parameter.length\":\"0\",\"tls.quic.parameter.value\":\"\"},\"Parameter: active_connection_id_limit (len=1) 4\":{\"tls.quic.parameter.type\":\"14\",\"tls.quic.parameter.length\":\"1\",\"tls.quic.parameter.value\":\"04\",\"tls.quic.parameter.active_connection_id_limit\":\"4\"},\"Parameter: initial_source_connection_id 
(len=0)\":{\"tls.quic.parameter.type\":\"15\",\"tls.quic.parameter.length\":\"0\",\"tls.quic.parameter.value\":\"\",\"tls.quic.parameter.initial_source_connection_id\":\"\"},\"Parameter: max_datagram_frame_size (len=1) 0\":{\"tls.quic.parameter.type\":\"32\",\"tls.quic.parameter.length\":\"1\",\"tls.quic.parameter.value\":\"00\",\"tls.quic.parameter.max_datagram_frame_size\":\"0\"}},\"tls.handshake.ja3_full\":\"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-16-18-43-51-57,29-23-24-25,0\",\"tls.handshake.ja3\":\"009edb0f6241f671c77b2a0abfa75707\"}}}]",
"uri": "/home/akadi/Quic/Test2/cipher.pcapng"
}
]
}
The command I ran on the terminal is this:
sudo node out/main.js --tshark=/bin/tshark --input=/home/akadi/Quic/Test2/cipher.pcapng --secrets=/home/akadi/Quic/Test2/ssl-key_242460824150148.log --outputpath=/home/akadi/Quic/Test2/final.qlog
As input, I used the QUIC session pcap, decrypted in the Wireshark options with the TLS session key.
If anyone can help me, that would be very nice :)
Adam Kadi
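An added diagnostic, not part of the original post and not pcap2qlog code: it checks whether an NSS-format key log (the kind of file passed with `--secrets`) holds the TLS 1.3 secrets for the connection whose `tls.handshake.random` appears in the error above. QUIC Initial packets are protected with keys derived from the Destination Connection ID, so a readable ClientHello in tshark output does not show that the key log matched. The function names and the sample key log (dummy secrets) are constructed for illustration.

```javascript
// Labels a TLS 1.3 key log needs before handshake and 1-RTT packets can be decrypted.
const REQUIRED_TLS13_LABELS = [
  'CLIENT_HANDSHAKE_TRAFFIC_SECRET',
  'SERVER_HANDSHAKE_TRAFFIC_SECRET',
  'CLIENT_TRAFFIC_SECRET_0',
  'SERVER_TRAFFIC_SECRET_0',
];

// tshark prints the client random as "b8:89:..."; key logs use plain hex.
function normalizeRandom(random) {
  return random.replace(/[^0-9a-fA-F]/g, '').toLowerCase();
}

// Parse key log text ("LABEL <client_random> <secret>") into Map<random, Set<label>>.
function parseKeyLog(text) {
  const byRandom = new Map();
  for (const line of text.split(/\r?\n/)) {
    const trimmed = line.trim();
    if (trimmed === '' || trimmed.startsWith('#')) continue; // blank line or comment
    const parts = trimmed.split(/\s+/);
    if (parts.length !== 3 || !/^[0-9a-fA-F]{64}$/.test(parts[1])) continue; // malformed
    const key = parts[1].toLowerCase();
    if (!byRandom.has(key)) byRandom.set(key, new Set());
    byRandom.get(key).add(parts[0]);
  }
  return byRandom;
}

// Report whether the connection is in the key log and which labels are absent.
function checkCoverage(keyLogText, tsharkRandom) {
  const labels = parseKeyLog(keyLogText).get(normalizeRandom(tsharkRandom)) || new Set();
  const missing = REQUIRED_TLS13_LABELS.filter((label) => !labels.has(label));
  return { found: labels.size > 0, missing };
}

// Client random taken from the error output in the post.
const PAGE_RANDOM = 'b8:89:47:df:59:ca:0c:fa:e5:0f:8e:94:31:f9:6c:84:' +
  'a3:df:81:03:c8:44:e4:b7:69:46:18:dd:e7:65:35:b2';
// Constructed key log: full entry set for PAGE_RANDOM, handshake-only for a second connection.
const DUMMY_SECRET = 'aa'.repeat(32);
const OTHER_RANDOM = '11'.repeat(32);
const SAMPLE_KEYLOG = [
  '# constructed sample, secrets are dummy values',
  ...REQUIRED_TLS13_LABELS.map((l) => `${l} ${normalizeRandom(PAGE_RANDOM)} ${DUMMY_SECRET}`),
  `CLIENT_HANDSHAKE_TRAFFIC_SECRET ${OTHER_RANDOM} ${DUMMY_SECRET}`,
  `SERVER_HANDSHAKE_TRAFFIC_SECRET ${OTHER_RANDOM} ${DUMMY_SECRET}`,
].join('\n');

console.log(checkCoverage(SAMPLE_KEYLOG, PAGE_RANDOM));
```

A result with `found: false` means the key log was written by a different session than the one in the capture.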