Peter Wu edited this page Apr 24, 2019 · 71 revisions

This is a listing of tools for analysing, debugging and visualising QUIC (and potentially the HTTP mapping). See also the Implementations listing.

Wireshark

Wireshark has a GQUIC decoder[1] and an IETF-QUIC decoder. HTTP analysis is possible via integration with the HTTP/2 decoder. HTTP/3 is not yet supported. To enable handshake/payload decryption, use a Wireshark version that matches the QUIC version:

| Draft | First Wireshark version | Last Wireshark version | Notes |
|---|---|---|---|
| -20 | v3.1.0rc0-615-g28773689e0 | | Done. |
| -19 | v3.1.0rc0-520-ga65f7f5838 / 3.0.2 | | Done. |
| -18 | v2.9.1rc0-487-gd486593ce3 | | Done since v2.9.1rc0-500-g064a5c90ca |
| -17 | v2.9.1rc0-332-ga0b9e8b652 | | Done since v2.9.1rc0-456-g19630453bf |
| -16 | v2.9.1rc0-100-g0964b04ee3 | v2.9.1rc0-331-gf1fa8df324 | Compatible with -15 (no packet change) |
| -15 | v2.9.0rc0-2528-g9bd1c8f155 | v2.9.1rc0-331-gf1fa8df324 | Available on 2.9.0 |
| -14 | v2.9.0rc0-1858-g0aaaa49af3 | v2.9.1rc0-108-g075785bd20 | Done. |
| -13 | v2.9.0rc0-1850-g2fd42045f5 | v2.9.1rc0-100-g0964b04ee3 | Decryption updated. |
| -12 | v2.9.0rc0-1816-g81710c7d3c | v2.9.0rc0-1863-g7b65208ef3 | |
| -11 | v2.9.0rc0-291-gee3bc52192 | v2.9.0rc0-1829-g1d2fd4f411 | +Connection migration (untested) |
| -10 | v2.9.0rc0-200-g88435354c0 | v2.9.0rc0-1779-g351ea5940e | |
| -09 | v2.5.2rc0-68-geea63ae2a7 | 2.6.x / v2.9.0rc0-173-g71ddbb69f5 | Supports payload decryption (-09) |
| -08 | ? | v2.9.0rc0-173-g71ddbb69f5 | |

Automated builds (macOS and Windows) for (odd-numbered) development versions: https://www.wireshark.org/download/automated/
Upstream bug (with sample captures/keys): https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13881
Patches under review: https://code.wireshark.org/review/#/q/status:open+branch:master+topic:QUIC

For payload decryption (>= draft -13), the QUIC traffic secrets are required. The TLS key log file follows the TLS 1.3 labels (with QUIC_ prepended). Every line follows the format <label> <ClientRandom> <TrafficSecret> where <label> is one of: QUIC_CLIENT_EARLY_TRAFFIC_SECRET, QUIC_CLIENT_HANDSHAKE_TRAFFIC_SECRET, QUIC_SERVER_HANDSHAKE_TRAFFIC_SECRET, QUIC_CLIENT_TRAFFIC_SECRET_0, QUIC_SERVER_TRAFFIC_SECRET_0. Example: https://github.com/ngtcp2/ngtcp2/pull/84
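A key log that silently lacks a label or carries a truncated secret is a common reason decryption fails without an obvious error. The following checker is an added example, not code from this wiki, Wireshark or ngtcp2; it validates the `<label> <ClientRandom> <TrafficSecret>` format described above and reports which secrets are missing per connection. The function names and the sample data are constructed, and the field lengths are taken from TLS 1.3 rather than from this page.

```python
import re
from collections import defaultdict

# Labels listed on this page for the QUIC key log (draft -13 and later).
QUIC_LABELS = {"QUIC_" + s for s in (
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0")}
# Assumption (TLS 1.3, not stated on the page): 32-byte ClientRandom,
# secret sized by the cipher suite hash (SHA-256 or SHA-384), both hex-encoded.
CLIENT_RANDOM_HEX, SECRET_HEX = 64, {64, 96}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def parse_quic_keylog(text):
    """Return ({client_random: {label: secret}}, [(line_no, problem)])."""
    secrets, problems = defaultdict(dict), []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        parts = line.split()
        if len(parts) != 3:
            problems.append((no, "expected 3 fields"))
            continue
        label, rnd, secret = parts
        if label not in QUIC_LABELS:
            problems.append((no, "unknown label " + label))
        elif len(rnd) != CLIENT_RANDOM_HEX or not HEX.match(rnd):
            problems.append((no, "bad ClientRandom"))
        elif len(secret) not in SECRET_HEX or not HEX.match(secret):
            problems.append((no, "bad TrafficSecret"))
        else:
            secrets[rnd.lower()][label] = secret.lower()
    return dict(secrets), problems

def missing_labels(secrets, required=None):
    """Per connection, labels absent from the log (early secret is 0-RTT only)."""
    required = required or QUIC_LABELS - {"QUIC_CLIENT_EARLY_TRAFFIC_SECRET"}
    return {rnd: sorted(required - set(found)) for rnd, found in secrets.items()}

# Constructed sample: placeholder values, not real secrets.
SAMPLE = "\n".join([
    "# constructed key log",
    "QUIC_CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "aa" * 32 + " " + "11" * 32,
    "QUIC_SERVER_HANDSHAKE_TRAFFIC_SECRET " + "aa" * 32 + " " + "22" * 32,
    "QUIC_CLIENT_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "33" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "44" * 32,    # no QUIC_ prefix
    "QUIC_SERVER_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "55" * 20,  # truncated
])
```

Since every line of such a file is a live traffic secret, keep it readable only by the capturing user and delete it once the analysis is done.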

For payload decryption (<= draft -12), the TLS Exporter secret is required, and it must be provided via a TLS key log file. See for example https://github.com/ngtcp2/ngtcp2/pull/67. Note that since OpenSSL_1_1_1-pre5-21-gd4da95a773 (2018-04-18), OpenSSL supports this via its keylog callback.

[1] Wireshark is not capable of decrypting GQUIC packets itself, even if NSS Keylogging has been configured. However, if a decrypted trace is supplied to Wireshark it will correctly dissect GQUIC if the "Force decrypt" option is enabled in the Settings.

Wireshark draft support

General issues
To-do items for draft -20 completion (completed)
To-do items for draft -19 completion (completed)
  • Removal of VERSION_NEGOTIATION_ERROR (0x9) error code.
  • Removal of QuicVersion fields in TransportParameters. https://code.wireshark.org/review/32833
  • idle_timeout (0x0001) was changed from seconds to milliseconds.
To-do items for draft -18 completion (completed)
To-do items for draft -17 completion (completed)
To-do items for draft -16 completion (completed)
To-do items for draft -15 completion (completed)
To-do items for draft -14 completion (completed)
To-do items for draft -13 completion (more or less complete)
To-do items for draft -12 completion (completed and obsolete)
To-do items for draft -11 completion (completed and obsolete)

QUIC Tracker

QUIC-Tracker is a test suite for IETF-QUIC. It exchanges packets with IETF-QUIC implementations to verify whether an implementation conforms to the IETF specification. The test suite consists of several test scenarios, each of which tests a particular feature of the QUIC protocol. The test suite runs daily, and its results are available on its website.

It currently supports QUIC draft-17/18 and TLS 1.3.

qvalve

qvalve can predictably impair QUIC flows, by dropping, reordering or duplicating individual packets and sequences of packets. It is a non-transparent UDP proxy that should be interposed between a QUIC client and a QUIC server. The behavior of qvalve is configured with rules specified in a simple language.

spindump

The "Spindump" tool is a Unix command-line utility that can be used for latency monitoring in traffic passing through an interface. The tool performs passive, in-network monitoring. It is not a tool to monitor traffic content or metadata of individual connections, and indeed that is not possible in the Internet as most connections are encrypted. The tool looks at the characteristics of transport protocols, such as the QUIC Spin Bit, and attempts to derive information about round-trip times for individual connections or for the aggregate or average values. The tool supports TCP, QUIC, COAP, DNS, and ICMP traffic.

  • Language: C
  • Version: draft-16, draft-17
  • Roles: in-network tool
  • Handshake: QUIC only, does not peek into TLS or HTTP messaging inside
  • Protocol IDs: 0x00000001, 0xff000010, 0xff000011, 0x50435131, etc.
  • Public server: n.a.