[getdns-users] Procedure to decrypt encrypted DNS query/response packets inside Wireshark ?
Sara Dickinson
sara at sinodun.com
Tue May 30 14:54:46 UTC 2017
> On 29 May 2017, at 11:15, Mohit Batra <mohit4677 at gmail.com> wrote:
>
> Hello Everyone,
>
> I have compiled / configured Stubby successfully, and I can see encrypted DNS query/response packets on port 853 on Wireshark.
>
>
> Now my question is:
>
> "Is anyone aware of a documented procedure to decrypt encrypted DNS query/response packets inside Wireshark?"
So a good starting point is: https://wiki.wireshark.org/SSL#Complete_SSL_decryption_walk_through which describes the basics of decrypting traffic, assuming you are using openssl as a server.
From this you can see that you either need access to the private key of the server (works for RSA cipher suites) or to be able to create an SSL key log file from the DNS client (not so easy, not directly supported in Stubby).
Sara.
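
As an added illustration (not part of the original message, and not Stubby or Wireshark code): a small Python helper that takes the cipher suite name from the ServerHello of a captured port 853 session, or from an OpenSSL cipher list, and reports which of the two approaches in the reply above can decrypt it. It goes slightly beyond the message by also classifying (EC)DHE and TLS 1.3 suites, which need the key log file because the server's private key alone does not recover their session keys; the function names and the sample list are made up for this example.

```python
import re

PRIVATE_KEY = "server private key (or key log file)"
KEY_LOG = "key log file only"
UNKNOWN = "not classified"

# OpenSSL spells plain RSA key exchange with no key-exchange prefix, so the
# name starts directly with the bulk cipher (e.g. AES128-SHA).
_OPENSSL_RSA = re.compile(r"^(AES|CAMELLIA|ARIA|DES|RC4|SEED|IDEA|NULL)")
# TLS 1.3 suite names carry no key exchange at all; it is always ephemeral.
_TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")


def decryption_method(suite: str) -> str:
    """Classify a cipher suite given by IANA name or OpenSSL name."""
    name = suite.strip().upper()
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            return KEY_LOG if _TLS13.match(name) else UNKNOWN
        kx = name[len("TLS_"):].split("_WITH_", 1)[0]
        if kx == "RSA":
            return PRIVATE_KEY      # premaster secret is encrypted to the server key
        if kx.startswith(("ECDHE_", "DHE_")):
            return KEY_LOG          # ephemeral key exchange (forward secrecy)
        return UNKNOWN              # PSK, static (EC)DH, anonymous, ...
    if name.startswith(("ECDHE-", "DHE-", "EDH-")):
        return KEY_LOG
    if _OPENSSL_RSA.match(name):
        return PRIVATE_KEY
    return UNKNOWN


def triage(suites):
    """Return {suite name: usable decryption approach}."""
    return {s: decryption_method(s) for s in suites}


# Constructed sample: suite names as they could appear in a ServerHello.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_AES_128_GCM_SHA256",
    "AES256-GCM-SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
]

if __name__ == "__main__":
    for suite, method in triage(SAMPLE).items():
        print(f"{suite:40} {method}")
```
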