
Looking at TLS 1.3 packets

Last updated at Posted at 2022-08-12

The goal is to turn "looking at TLS 1.3 packets" into a series.

  1. Client Hello
  2. Hello Retry Request, Change Cipher Spec
  3. Change Cipher Spec, Client Hello
  4. Server Hello
  5. Server Hello (rewrite)
  6. Certificate, Certificate Verify, Finished
  7. Application Data
  8. Finished

Hmm. Looking at it this way, multiple TLS record types are mixed together...

request

I opened example.com in Chrome on a Mac. It was fetched over HTTP/2.


all packets (decrypted)

How it looks when decrypted with Wireshark + Chrome

ar Length src port dst port RTO Source Destination Protocol Info
03:04.3 78 49236 443 CS0 localhost example.com TCP 49236  >  443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=734761486 TSecr=0 SACK_PERM=1
03:04.4 74 443 49236 CS0 example.com localhost TCP 443  >  49236 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1414 SACK_PERM=1 TSval=1367443020 TSecr=734761486 WS=512
03:04.4 66 49236 443 CS0 localhost example.com TCP 49236  >  443 [ACK] Seq=1 Ack=1 Win=131776 Len=0 TSval=734761583 TSecr=1367443020
03:04.4 583 49236 443 CS0 localhost example.com TLSv1.3 Client Hello
03:04.5 66 443 49236 CS0 example.com localhost TCP 443  >  49236 [ACK] Seq=1 Ack=518 Win=67072 Len=0 TSval=1367443118 TSecr=734761583
03:04.5 165 443 49236 CS0 example.com localhost TLSv1.3 Hello Retry Request, Change Cipher Spec
03:04.5 66 49236 443 CS0 localhost example.com TCP 49236  >  443 [ACK] Seq=518 Ack=100 Win=131648 Len=0 TSval=734761673 TSecr=1367443118
03:04.5 409 49236 443 CS0 localhost example.com TLSv1.3 Change Cipher Spec, Client Hello
03:04.6 66 443 49236 CS0 example.com localhost TCP 443  >  49236 [ACK] Seq=100 Ack=861 Win=68096 Len=0 TSval=1367443216 TSecr=734761673
03:04.6 1468 443 49236 CS0 example.com localhost TLSv1.3 Server Hello, Encrypted Extensions
03:04.6 1468 443 49236 CS0 example.com localhost TCP 443  >  49236 [PSH, ACK] Seq=1502 Ack=861 Win=68096 Len=1402 TSval=1367443217 TSecr=734761673 [TCP segment of a reassembled PDU]
03:04.6 1423 443 49236 CS0 example.com localhost TLSv1.3 Certificate, Certificate Verify, Finished
03:04.6 66 49236 443 CS0 localhost example.com TCP 49236  >  443 [ACK] Seq=861 Ack=2904 Win=128832 Len=0 TSval=734761766 TSecr=1367443217
03:04.6 66 49236 443 CS0 localhost example.com TCP 49236  >  443 [ACK] Seq=861 Ack=4261 Win=127488 Len=0 TSval=734761766 TSecr=1367443217
03:04.6 66 49236 443 CS0 localhost example.com TCP [TCP Window Update] 49236  >  443 [ACK] Seq=861 Ack=4261 Win=131072 Len=0 TSval=734761766 TSecr=1367443217
03:04.6 140 49236 443 CS0 localhost example.com TLSv1.3 Finished
03:04.6 158 49236 443 CS0 localhost example.com HTTP2 Magic, SETTINGS[0], WINDOW_UPDATE[0]
03:04.6 534 49236 443 CS0 localhost example.com HTTP2 HEADERS[1]: GET /
03:04.7 66 443 49236 CS0 example.com localhost TCP 443  >  49236 [ACK] Seq=4261 Ack=935 Win=68096 Len=0 TSval=1367443321 TSecr=734761772
03:04.7 66 443 49236 CS0 example.com localhost TCP 443  >  49236 [ACK] Seq=4261 Ack=1027 Win=68096 Len=0 TSval=1367443321 TSecr=734761772
03:04.7 66 443 49236 CS0 example.com localhost TCP 443  >  49236 [ACK] Seq=4261 Ack=1495 Win=69120 Len=0 TSval=1367443321 TSecr=734761772
03:04.7 321 443 49236 CS0 example.com localhost TLSv1.3 New Session Ticket
03:04.7 321 443 49236 CS0 example.com localhost TLSv1.3 New Session Ticket
03:04.7 66 49236 443 CS0 localhost example.com TCP 49236  >  443 [ACK] Seq=1495 Ack=4516 Win=130816 Len=0 TSval=734761864 TSecr=1367443321
03:04.7 66 49236 443 CS0 localhost example.com TCP 49236  >  443 [ACK] Seq=1495 Ack=4771 Win=130560 Len=0 TSval=734761864 TSecr=1367443321
03:04.7 193 443 49236 CS0 example.com localhost HTTP2 WINDOW_UPDATE[0]
03:04.7 66 49236 443 CS0 localhost example.com TCP 49236  >  443 [ACK] Seq=1495 Ack=4898 Win=130432 Len=0 TSval=734761864 TSecr=1367443321
03:04.7 982 443 49236 CS0 example.com localhost HTTP2 DATA[1]
03:04.7 66 49236 443 CS0 localhost example.com TCP 49236  >  443 [ACK] Seq=1495 Ack=5814 Win=129472 Len=0 TSval=734761864 TSecr=1367443322
03:04.7 97 49236 443 CS0 localhost example.com HTTP2 SETTINGS[0]
03:04.9 66 443 49236 CS0 example.com localhost TCP 443  >  49236 [ACK] Seq=5814 Ack=1526 Win=69120 Len=0 TSval=1367443462 TSecr=734761864

all packets (not decrypted)

Here are all the packets from this capture. To make them easier to read, the src/dest IP addresses have been replaced with names.

# time src dest protocol length TCP flags seq ack info
130 2.487113 localhost example.com TCP 78 ····CE····S· 0 0 58364 → 443 [SYN, ECN, CWR] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=107391323 TSecr=0 SACK_PERM=1
133 2.641277 example.com localhost TCP 74 ·····E·A··S· 0 1 443 → 58364 [SYN, ACK, ECN] Seq=0 Ack=1 Win=65535 Len=0 MSS=1382 SACK_PERM=1 TSval=2936265566 TSecr=107391323 WS=512
134 2.641642 localhost example.com TCP 66 ·······A···· 1 1 58364 → 443 [ACK] Seq=1 Ack=1 Win=131520 Len=0 TSval=107391476 TSecr=2936265566
135 2.642373 localhost example.com TLSv1.3 583 ·······AP··· 1 1 Client Hello
139 2.805043 example.com localhost TCP 66 ·······A···· 1 518 443 → 58364 [ACK] Seq=1 Ack=518 Win=67072 Len=0 TSval=2936265726 TSecr=107391476
140 2.805047 example.com localhost TLSv1.3 165 ·······AP··· 1 518 Hello Retry Request, Change Cipher Spec
141 2.805283 localhost example.com TCP 66 ·······A···· 518 100 58364 → 443 [ACK] Seq=518 Ack=100 Win=131392 Len=0 TSval=107391638 TSecr=2936265727
142 2.80656 localhost example.com TLSv1.3 409 ·······AP··· 518 100 Change Cipher Spec, Client Hello
145 2.967469 example.com localhost TCP 66 ·······A···· 100 861 443 → 58364 [ACK] Seq=100 Ack=861 Win=68096 Len=0 TSval=2936265895 TSecr=107391639
146 2.96767 example.com localhost TLSv1.3 1436 ·······A···· 100 861 Server Hello, Application Data
147 2.972801 example.com localhost TCP 1436 ·······AP··· 1470 861 443 → 58364 [PSH, ACK] Seq=1470 Ack=861 Win=68096 Len=1370 TSval=2936265897 TSecr=107391639 [TCP segment of a reassembled PDU]
148 2.972935 example.com localhost TLSv1.3 1436 ·······A···· 2840 861 Application Data, Application Data
149 2.97294 example.com localhost TLSv1.3 117 ·······AP··· 4210 861 Application Data
150 2.973082 localhost example.com TCP 66 ·······A···· 861 2840 58364 → 443 [ACK] Seq=861 Ack=2840 Win=128768 Len=0 TSval=107391804 TSecr=2936265897
151 2.973117 localhost example.com TCP 66 ·······A···· 861 4261 58364 → 443 [ACK] Seq=861 Ack=4261 Win=127296 Len=0 TSval=107391804 TSecr=2936265897
152 2.997266 localhost example.com TCP 66 ·······A···· 861 4261 [TCP Window Update] 58364 → 443 [ACK] Seq=861 Ack=4261 Win=131072 Len=0 TSval=107391828 TSecr=2936265897
153 2.998117 localhost example.com TLSv1.3 140 ·······AP··· 861 4261 Application Data
154 2.998521 localhost example.com TLSv1.3 158 ·······AP··· 935 4261 Application Data
155 2.998889 localhost example.com TLSv1.3 534 ·······AP··· 1027 4261 Application Data
173 3.151537 example.com localhost TCP 66 ·······A···· 4261 935 443 → 58364 [ACK] Seq=4261 Ack=935 Win=68096 Len=0 TSval=2936266078 TSecr=107391828
174 3.15154 example.com localhost TLSv1.3 321 ·······AP··· 4261 935 Application Data
175 3.151542 example.com localhost TLSv1.3 321 ·······AP··· 4516 935 Application Data
176 3.151543 example.com localhost TLSv1.3 162 ·······AP··· 4771 935 Application Data, Application Data
177 3.151817 localhost example.com TCP 66 ·······A···· 1495 4516 58364 → 443 [ACK] Seq=1495 Ack=4516 Win=130816 Len=0 TSval=107391979 TSecr=2936266078
178 3.151817 localhost example.com TCP 66 ·······A···· 1495 4771 58364 → 443 [ACK] Seq=1495 Ack=4771 Win=130560 Len=0 TSval=107391979 TSecr=2936266078
179 3.151817 localhost example.com TCP 66 ·······A···· 1495 4867 58364 → 443 [ACK] Seq=1495 Ack=4867 Win=130432 Len=0 TSval=107391979 TSecr=2936266078
180 3.152917 localhost example.com TLSv1.3 97 ·······AP··· 1495 4867 Application Data
181 3.158304 example.com localhost TLSv1.3 97 ·······AP··· 4867 1027 Application Data
182 3.158506 localhost example.com TCP 66 ·······A···· 1526 4898 58364 → 443 [ACK] Seq=1526 Ack=4898 Win=131008 Len=0 TSval=107391985 TSecr=2936266080
183 3.171335 example.com localhost TLSv1.3 981 ·······AP··· 4898 1495 Application Data, Application Data, Application Data
184 3.171566 localhost example.com TCP 66 ·······A···· 1526 5813 58364 → 443 [ACK] Seq=1526 Ack=5813 Win=130112 Len=0 TSval=107391998 TSecr=2936266087
185 3.326376 example.com localhost TCP 66 ·······A···· 5813 1526 443 → 58364 [ACK] Seq=5813 Ack=1526 Win=69120 Len=0 TSval=2936266254 TSecr=107391980
1098 48.839818 localhost example.com TCP 54 ·······A···· 1525 5813 [TCP Keep-Alive] 58364 → 443 [ACK] Seq=1525 Ack=5813 Win=131072 Len=0
1108 48.992493 example.com localhost TCP 66 ·······A···· 5813 1526 [TCP Keep-Alive ACK] 443 → 58364 [ACK] Seq=5813 Ack=1526 Win=69120 Len=0 TSval=2936311918 TSecr=107391998
1369 64.549821 example.com localhost TCP 66 ·······A···· 5812 1526 [TCP Keep-Alive] 443 → 58364 [ACK] Seq=5812 Ack=1526 Win=69120 Len=0 TSval=2936327237 TSecr=107391998
1370 64.55017 localhost example.com TCP 66 ·······A···· 1526 5813 [TCP Keep-Alive ACK] 58364 → 443 [ACK] Seq=1526 Ack=5813 Win=131072 Len=0 TSval=107452954 TSecr=2936311918
2417 109.887607 localhost example.com TCP 54 ·······A···· 1525 5813 [TCP Keep-Alive] 58364 → 443 [ACK] Seq=1525 Ack=5813 Win=131072 Len=0
2418 110.041827 example.com localhost TCP 66 ·······A···· 5813 1526 [TCP Keep-Alive ACK] 443 → 58364 [ACK] Seq=5813 Ack=1526 Win=69120 Len=0 TSval=2936372958 TSecr=107452954
2790 125.889367 example.com localhost TCP 66 ·······A···· 5812 1526 [TCP Keep-Alive] 443 → 58364 [ACK] Seq=5812 Ack=1526 Win=69120 Len=0 TSval=2936388677 TSecr=107452954
2791 125.889583 localhost example.com TCP 66 ·······A···· 1526 5813 [TCP Keep-Alive ACK] 58364 → 443 [ACK] Seq=1526 Ack=5813 Win=131072 Len=0 TSval=107513834 TSecr=2936372958
4317 171.346262 localhost example.com TCP 54 ·······A···· 1525 5813 [TCP Keep-Alive] 58364 → 443 [ACK] Seq=1525 Ack=5813 Win=131072 Len=0
4318 171.522983 example.com localhost TCP 66 ·······A···· 5813 1526 [TCP Keep-Alive ACK] 443 → 58364 [ACK] Seq=5813 Ack=1526 Win=69120 Len=0 TSval=2936434446 TSecr=107513834
4366 183.843569 example.com localhost TLSv1.3 123 ·······AP··· 5813 1526 Application Data
4367 183.843575 example.com localhost TLSv1.3 90 ·······AP··· 5870 1526 Application Data
4368 183.843577 example.com localhost TCP 66 ·······A···F 5894 1526 443 → 58364 [FIN, ACK] Seq=5894 Ack=1526 Win=69120 Len=0 TSval=2936446685 TSecr=107513834
4369 183.844156 localhost example.com TCP 66 ·······A···· 1526 5870 58364 → 443 [ACK] Seq=1526 Ack=5870 Win=131008 Len=0 TSval=107571319 TSecr=2936446685
4370 183.844157 localhost example.com TCP 66 ·······A···· 1526 5894 58364 → 443 [ACK] Seq=1526 Ack=5894 Win=130944 Len=0 TSval=107571319 TSecr=2936446685
4371 183.8442 localhost example.com TCP 66 ·······A···· 1526 5895 58364 → 443 [ACK] Seq=1526 Ack=5895 Win=130944 Len=0 TSval=107571319 TSecr=2936446685
4372 183.846191 localhost example.com TCP 54 ·······A·R·· 1526 5895 58364 → 443 [RST, ACK] Seq=1526 Ack=5895 Win=131008 Len=0
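
The labels in the two listings come from the TLS record headers: one TCP payload can carry several records, and once encryption starts every record is typed Application Data on the wire, which is why "Server Hello, Encrypted Extensions" becomes "Server Hello, Application Data" without keys. The following is an added example, not code from the original article; the payloads are constructed samples, and `label_records`, `record` and `server_hello` are hypothetical helper names.

```python
import hashlib
import struct

# RFC 8446 4.1.3: a HelloRetryRequest is a ServerHello carrying this fixed random.
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()
RECORD_TYPES = {20: "Change Cipher Spec", 21: "Alert", 23: "Application Data"}
HANDSHAKE_TYPES = {1: "Client Hello", 2: "Server Hello"}

def label_handshake(fragment: bytes) -> str:
    """Name a plaintext handshake message from its header (and random)."""
    if len(fragment) < 4:
        return "Handshake (truncated)"
    # ServerHello: 4-byte header, legacy_version (2), then random (32).
    if fragment[0] == 2 and fragment[6:38] == HRR_RANDOM:
        return "Hello Retry Request"
    return HANDSHAKE_TYPES.get(fragment[0], f"Handshake type {fragment[0]}")

def label_records(payload: bytes) -> list:
    """Split one TCP payload into TLS records and label each by its header."""
    labels, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 5:
            labels.append("incomplete record header")
            break
        ctype, _version, length = struct.unpack_from("!BHH", payload, offset)
        fragment = payload[offset + 5 : offset + 5 + length]
        if len(fragment) < length:
            labels.append("record continues in next TCP segment")
            break
        if ctype == 22:
            labels.append(label_handshake(fragment))
        else:
            labels.append(RECORD_TYPES.get(ctype, f"unknown type {ctype}"))
        offset += 5 + length
    return labels

def record(ctype: int, fragment: bytes) -> bytes:
    """Build a record with legacy version 0x0303 (for the constructed samples)."""
    return struct.pack("!BHH", ctype, 0x0303, len(fragment)) + fragment

def server_hello(random: bytes) -> bytes:
    """Minimal ServerHello-shaped handshake message (constructed, no extensions)."""
    body = b"\x03\x03" + random + b"\x00\x13\x01\x00\x00\x00"
    return b"\x02" + len(body).to_bytes(3, "big") + body

# Constructed payloads, not bytes from the capture above.
HRR_PACKET = record(22, server_hello(HRR_RANDOM)) + record(20, b"\x01")
SH_PACKET = record(22, server_hello(bytes(32))) + record(23, bytes(40))
SPLIT_PACKET = record(23, bytes(40))[:30]
```

Calling `label_records` on each sample reproduces the three shapes seen in the listings: two record types in one packet, a plaintext Server Hello followed by an opaque record, and a record that spills into the next TCP segment.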