From mohit4677 at gmail.com Mon May 29 10:15:04 2017
From: mohit4677 at gmail.com (Mohit Batra)
Date: Mon, 29 May 2017 15:45:04 +0530
Subject: [getdns-users] Procedure to decrypt encrypted DNS query/response packets inside Wireshark ?

Hello Everyone,

I have compiled / configured Stubby successfully, and I can see encrypted DNS query/response packets on port 853 on Wireshark.

Now my question is:

*"Is anyone aware of a documented procedure to decrypt encrypted DNS query/response packets inside Wireshark?"*

Would appreciate any help or pointer on above question please.

Thanks & Regards,
Mohit Batra

From sara at sinodun.com Tue May 30 14:54:46 2017
From: sara at sinodun.com (Sara Dickinson)
Date: Tue, 30 May 2017 15:54:46 +0100
Subject: [getdns-users] Procedure to decrypt encrypted DNS query/response packets inside Wireshark ?

> On 29 May 2017, at 11:15, Mohit Batra wrote:
>
> Hello Everyone,
>
> I have compiled / configured Stubby successfully, and I can see encrypted DNS query/response packets on port 853 on Wireshark.
>
> Now my question is:
>
> "Is anyone aware of a documented procedure to decrypt encrypted DNS query/response packets inside Wireshark?"

So a good starting point is:
https://wiki.wireshark.org/SSL#Complete_SSL_decryption_walk_through
which describes the basics of decrypting traffic assuming you are using openssl as a server.

From this you can see that you either need access to the private key of the server (works for RSA cipher suites) or to be able to create a SSL key log file from the DNS client (not so easy, not directly supported in Stubby).

Sara.
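
An added example, not part of the thread and not getdns, Stubby or Wireshark code: a checker for the NSS key log format that the key log file route in the reply above depends on. It reports malformed lines and, per client random, whether the logged secrets are enough for a TLS 1.2 or TLS 1.3 session. The function names and the sample values are assumptions constructed for illustration.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")
# TLS 1.3 secrets needed to read handshake and application records both ways.
TLS13_NEEDED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13 = TLS13_NEEDED | {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET",
                        "EXPORTER_SECRET"}

def check_line(label, ident, secret):
    """Return None if the three fields are well formed, else a problem string."""
    if not (HEX.fullmatch(ident) and HEX.fullmatch(secret)):
        return "non-hex field"
    if label == "RSA":              # first 8 bytes of encrypted pre-master, pre-master
        ok = len(ident) == 16 and len(secret) == 96
    elif label == "CLIENT_RANDOM":  # TLS 1.2 and earlier: 48-byte master secret
        ok = len(ident) == 64 and len(secret) == 96
    elif label in TLS13:            # secret length follows the suite hash (SHA-256/384)
        ok = len(ident) == 64 and len(secret) in (64, 96)
    else:
        return "unknown label"
    return None if ok else "wrong field length"

def parse_keylog(text):
    """Return ({client_random: set(labels)}, [(line_number, problem)])."""
    sessions, problems = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        problem = "expected 3 fields" if len(fields) != 3 else check_line(*fields)
        if problem:
            problems.append((number, problem))
        elif fields[0] != "RSA":    # RSA lines are not keyed by client random
            sessions.setdefault(fields[1].lower(), set()).add(fields[0])
    return sessions, problems

def coverage(sessions):
    """Classify each client random as 'tls12', 'tls13' or 'incomplete'."""
    return {cr: "tls12" if "CLIENT_RANDOM" in labels
            else "tls13" if TLS13_NEEDED <= labels else "incomplete"
            for cr, labels in sessions.items()}

# Constructed sample values, not real key material.
CR1, CR2, CR3 = "11" * 32, "22" * 32, "33" * 32
SAMPLE = "\n".join(
    [f"CLIENT_RANDOM {CR1} {'ab' * 48}"]
    + [f"{label} {CR2} {'cd' * 32}" for label in sorted(TLS13_NEEDED)]
    + [f"CLIENT_TRAFFIC_SECRET_0 {CR3} {'ef' * 32}",
       f"CLIENT_RANDOM {CR1[:-2]} {'ab' * 48}"])   # truncated client random

if __name__ == "__main__":
    print(coverage(parse_keylog(SAMPLE)[0]), parse_keylog(SAMPLE)[1])
```

Wireshark takes a file in this format through its TLS protocol preference "(Pre)-Master-Secret log filename".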