This is a very educative piece. Brilliant conversation and enlightening. Thanks Dave and Chris
Glad you enjoyed it David!
Thank you for the calm and relaxed way you manage to convey content without any form of sensation seeking or unnecessary shouting like many other youtubers do.
Trueee, so calm and respectful, and brooo this is so nice to learn with that kind of attitude
Totally agree. I learn better from a conversational pace. Absorption is key.
I remember my teacher in college trying to tell me that HTTPS was secure in 2012. It was not secure in 2012, he tried to make me look like an idiot even though I showed him proof. Thanks for the video David and Chris!
why was it not secure?
@dean6125 It's not that HTTPS was insecure; some libs were. en.wikipedia.org/wiki/Heartbleed
One always has a chance to avoid MITM when looking at the certificate. HTTPS is not rendered insecure when one decides to disregard the alarms and trust the connection.
Learn how to decrypt TLS, HTTP/2 and QUIC using Wireshark.
// MENU //
0:00 ▶ Introduction
1:25 ▶ What is HTTPS vs HTTP2 vs QUIC
6:30 ▶ What is QUIC
9:42 ▶ How long have we been using QUIC
10:12 ▶ Technical tour of QUIC
14:18 ▶ Why use QUIC instead of TCP
17:48 ▶ QUIC negotiation and support
19:04 ▶ Steps to decrypt TLS
20:04 ▶ Is Wireshark useless without the decryption keys
22:16 ▶ MITM
23:47 ▶ Advice on how do I learn Wireshark
25:40 ▶ TCP/IP Illustrated book
25:54 ▶ Rather focus on learning protocols instead of Wireshark
26:35 ▶ Next video ideas
// LINKS //
PCAP file: davidbombal.wiki/ssldecryptionpcap
Previous video: ruclips.net/video/GMNOT1aZmD8/видео.html
How to Decrypt SSL with Wireshark - HTTPS Decryption Guide: davidbombal.wiki/sslwireshark
Man in the middle Python script: ruclips.net/video/O1jpck31Ask/видео.html
Chris shows TLS decryption: ruclips.net/video/5qecyZHL-GU/видео.html
Chris Intro to Wireshark: ruclips.net/video/OU-A2EmVrKQ/видео.html
Sure David sir
Hi, I've got a question: on a Cisco router, how do I assign myself an autonomous system number when I get one from an internet registry?
One complication I've run into is tracing the QUIC back to STUN and TCP. I've created various profiles to help me visualize the UDP Stream, then to the QUIC and STUN IDs. Also, I've been doing performance analysis using TCP with encrypted payloads for a good while now... TCP behavior analysis provides a gold mine of practical performance data showing which direction latency is coming from, TCP deadlocks, etc. TCP Illustrated is one of the best, if not the best, TCP learning narratives. Great Video!
I feel it's important to convey information of this level of sensitivity in a calm way so that the information finds its way to the brain and remains there. You guys have done justice to the topic and the manner of rendering. Thank you, a lot.
03:45 Thanks David for adding this addon (within the main session). Otherwise, it creates confusion that, on one side, Chris mentioned that everything is happening on one TCP session and, on the other side, Chris mentioned "You can think of each stream as an individual TCP connection." So, basically everything is happening on the main TCP connection, but due to the advanced functionality of HTTP 2.0, multiple streams work as if on separate TCP connections for better functionality and better user experience.
One thing to remember is that QUIC was needed because the TCP and UDP protocols cannot be upgraded, because internet connections are full of hardware called middle boxes that can't get firmware upgrades. To provide a better protocol, QUIC was built on top of UDP to give the benefits of TCP without too many of the overheads of TCP.
But that sounds like it takes away the benefits of TCP?
Also, what are middle boxes? What's the official name?
Also, can someone hijack the QUIC connection ID, steal the response from the target and use them to impersonate the target to hijack the stream?
Making the server feel like, yeah, this is the same device, only a different IP?
@ko-Daegu this was my immediate thought. I can only assume that the keys are required too
To me it sounds like UDP over TCP. UDP being the protocol that QUIC is taking advantage of.
#David & #Chris, You both are brilliant human beings. You create videos with higher honesty so that people can learn and earn and you guys never keep any suspense for the viewers. I have observed, that you always ask the correct question even if the guests try to divert from the main topic. Wonderful work for the community. You deserve a lot of blessings. You can understand how much satisfaction I have watching your series.
Amazing teachers. I am so blessed I'm learning all this for free and at the highest quality. Thank you gentlemen.
IKR
I would like to see a video on how to identify the dodgy stuff happening. The way Chris explained how we can go ahead and find it out is interesting. Please make that content as soon as possible
That video is coming soon 😀
Identify is certainly
@davidbombal did it ever come? Soooo looking forward to watching it @david
Hi Mr Bombal, it's such a good opportunity that Chris is here, so we can get the advantage of learning from both of you guys. God bless u both, thx
You're welcome Majid
Thanks for the comment Majid! Great to meet you.
Thank you so much for this! This helps me a lot in my CS degree. My lectures often just name-drop all of these protocols and jargon, but don't really go over them in practice - so these vids are really helpful to give my curriculum some context. Keep up the good and important work guys!
This's so thoughtful of you guys... Delivering such a tutorial you have provided a lot of information in a simplified way. Thank you so much #David & #Chris for that
I've been following QUIC for many moons now; as soon as I had the chance to switch over I did. The speed of UDP with TLS 1.3 is far superior. Doing huge data dumps is so much faster and it's much more reliable and secure.
I really enjoy this duo.
Thank you!
Thank you David and Chris for this! I'm still learning a lot of cyber and networking, and you guys are helping A LOT!
Thanks David and Chris for this precious session. I know now what a QUIC is.
This is brilliant, thanks a lot David & Chris!.
watching and learning everyday from this channel. Thank you so much David and Chris
love from Sierra Leone
I was just looking for this topic a while ago! Thanks for delivering sir!
Thanks David and Chris! Please also do some MITM stuff.
Both the gurus I follow 🙌 Chris you and Lisa Bock have really helped my journey with Wireshark. David of course you are genius - has helped me step up GNS3 labs and helped me with NETMIKO Automation!! Thank you guys for revolutionizing Network Industry!! We definitely need people like you to ease the pain points in Networking.
Great stuff! Thanks a lot David & Chris for sharing the knowledge. Your channel really helping with my studies. Bless 🙏
Great to hear that!
You are the best teacher. Lots of love to U David❤️❤️❤️❤️
Thank you very much!
Just brilliant! Concise and precise information. Thanks to you two.
Packets are so cool man! I was so hyped watching this video and seeing how all of this data is around us. Thanks for helping me understand this information
I love the detail that these videos are going into. Keep it up!
Deeply in love with your channel and courses in udemy too.
Happy to hear that Peter!
Love You Sir❤
From India in Kerala......🎉
12:58 Can I steal this Conn ID to take over someone else's connection and snoop into their data (maybe even start a MIM attack) or something?
Very informative. Keep making this kinda networking and cyber security videos.
Thank you so much!
This guy Chris, the dude has knowledge they don't kick in college :-) A1 content Dave & Chris
Very interesting topic.... thanks for new Updates 🇩🇪
You're welcome Alex!
Not to mention this will make it more difficult to do port scanning.. Especially, if the firewall filters ICMP responses. For example, if I'm running an API over QUIC using port 34000 for an IoT device and my IoT software firewall filters port unreachable ICMP that port will look the same as any other... You'd have to craft a QUIC initial packet and assume it's QUIC for each port or simply MITM the device. With TCP all ports that are open must respond to a SYN.
You could technically guard against this too.. if the IoT device connected to your Wi-Fi and then got time from NTP and your phone app does the same you both have a time reference to prevent packet replay attacks. Then the IoT device could not listen for anything until an encrypted broadcast packet hit it telling it to listen on port X for Y time which would be a PSK at the time of factory. You could MITM it to see what port was picked for this session but it would be encrypted and make it more difficult to reverse engineer - likely moving to disassembling the app or IoT device itself.
Thank you very much for making it simple and easy to comprehend how to use wireshark 🎉
Thank you David and Chris for this video. Looking forward for the next video.
Thank you for watching!
this is interesting, learned a lot . thanks both of you.
I thought multi-path TCP would be the evolution on the transport layer, now I am skeptical.
Edit: OH! Now I did a little Google search, and came across Multi-Path QUIC. My head just exploded!!
Around 00:18:12 Chris says he has a client who cannot utilize QUIC because they "don't trust UDP over 443" and have it blocked. What would make them so wary as to block it altogether?
I'm sure it happens I'm just unable to understand the particular reason(s) why a network may choose to have it blocked.
Building the filters and pointing out the weird stuffs from the packets would be fun 😊.. Thank you so much
Looking forward to the next installment, which is specifically of interest to me since i have a bit of a cyber stalking issue.
Hi, David, I am a new subscriber. I am sad that I didn't find your channel before. I bought multiple of your courses at a discount. I am excited to put in the time and hours during this winter. I was hoping to see a roadmap for 2022.
Thanks so much, David and Chris for the wonderful information delivered
Excellent series. Absolutely loving it!
Awesome, thank you!
Thank you, sir bombal, for your passionate tutorials!
Very informative! Thank you! Your channel is amazing!
Glad you think so!
You are worth millions respect 🙏
Another smash hit from the David and Chris Show! Just what the doctor ordered and there's even a part 3 on the horizon - boy are we in for a treat... I wonder what's in store for Christmas 😀🥳🌲
Thank you for watching Nick!
I was waiting for this part! Thank you!
Thank you David and Chris…So nice explanation…..❤️
Very good video!
Actually entertaining and learnt a lot
I'm actually really happy I saw this
Really happy to hear that 😀
This video deserves more views
It's so good sir... Looking forward for more contents with David and Chris sir...😃😃
More to come!
I would really appreciate it guys if you could illustrate how we can use Wireshark to analyze WhatsApp web packets and be able to identify the location of the sender; that's the 1st question.
2nd question is: how can hackers use our IP address and specify which websites we have registered to using our email and password? I've heard that in a video, but they didn't show what tool they use to get the websites we sign up to using the IP address.
I want to know whether or not this is true.
And thank you for such quality content, really helps
Hello, was wondering if the decryption could be done using a MITM, for instance the MITM proxy...Would be great to see that happening perhaps in ur next video with Chris!!!!
Really super and good information about QUIC, thanks David
Glad you liked it!
very great questioning and explanation
great, waiting for more 👏👏👏
Thank you Chris, Thank you David!!! Amazing!!!
What a crossover 👏 ❤
Glad you are enjoying the content 😄
Hi all, this was a great session. I'm blown away. Question though: doesn't QUIC inhibit security appliances from detecting or scanning the user's traffic? For example, a user at the corporate website visited a website that was prohibited; if QUIC was used to open the session to access the website, the security appliance would not be able to block the website, is that correct?
Awesome videos with Chris! Keep up the good work.
Again a useful video. Since the old days when it was called Ethereal, Wireshark is a Swiss army 💪
Another outstanding video!
Quick question😅 LOL, sorry for the pun…. Chris, you are saying that QUIC is using UDP, and yet I see TCP port 1365 on the video. Why is that? 10:53
Love you guys keep up the good work, hope more videos coming from you guys together.
Thank you very much for this detailed explanation I appreciate it
Really awesome information , Thanks you both sir
Thank you! I really appreciate that!
@Chris, Thanks mate
Great! Glad you liked the content.
Glad you enjoyed the video Abhishek!
Thanks David for all your great contents and courses, love them.
Excellent content. Very informative.
Glad you like it! Thank you Nigel!
What an amazing talk.
Hey David you make nice and understandable videos keep them coming :)
Thank you!
Wow, it is so helpful, thank u David, keep up the good work.
Glad it was helpful! Thank you!
awesome content dave
Thank you Eryc! I really appreciate that!
More of this please 🥰
Brilliant content!
Thank you!
Really informative one. Thank you
Thank you Raghu!
BEST ON RUclips
In short... QUIC is a tunnel in UDP after TCP use for establishing the session with connection ID as key?
Hello Thomas! I wouldn't describe QUIC as a tunnel, but as a transport layer protocol of its own that handles the TLS encryption piece as a part of the protocol. The TCP part that you see in the video is only necessary because the browser first reached out to establish a connection over TCP/TLS. As time goes on, as QUIC becomes more common and middle boxes are configured to forward it (some companies block it), the browser will default to QUIC for some connections.
Very informative, thank you!
Thank you for watching!
Brilliant stuff!
Isn’t IPSEC considered a different transport protocol than TCP & UDP? Since it has its own IP protocol number (ESP 50 and AH 51) or are these being used less frequently? I know AH breaks with NAT so isn’t used that often except gateway to gateway tunnels.
Super cool video!!
you guys rock! thanks for the tips
So I'm confused: if you wanted to decrypt QUIC or TLS for a specific IP (assuming Android, Mac or Windows host) you would need to extract the keys for all those end hosts and then check the packets for said hosts?
Maybe you could do SSL/TLS decryption in MITM attacks?
If I recall right, there is an inner layer of TLS in QUIC. Can you show us how to decrypt that one?
Hi, I've got a question: on a Cisco router, how do I assign myself an autonomous system number when I get one from an internet registry?
Does QUIC have any packet format or does it use UDP's one? Because I remember in UDP there is no part like destination ID, but I needed some clarification here.
Thanks😊
Chris and David, bravo! Just so calm, explaining with ease. Thank you so much for this video(s). VERY HELPFUL. @Chris, where can I get that T-shirt?
Awesome video. It shall help me with configuration of WAFs. Only 1 statement is not totally true at this stage of the draft. The first packet of QUIC is essentially HTTP 1.x or HTTP 2, where the TCP handshake happens and the trust of the connection is built.
Would QUIC work without HTTP 1 or HTTP 2?
EXCELLENT!!! 10/10
THANK YOU, THANK YOU, THANK YOU. If I keep saying thank you it won't be enough. The information shared here is enough to pass and impress an employer. Really, thank you David and Chris. I know I won't use this info daily as I am a network engineer, but the knowledge is worthy. May God bless you all.
You're welcome Omar! So happy to hear that!
I have a question, boss: what if the QUIC connection ID is compromised? I mean, as you said, QUIC doesn't initiate a new handshake if disconnected and resumes from the same.
What if next time the destination is an attacker machine who knows your QUIC connection ID and can respond with wrong data?
If my question is incorrect then also please let me know.
Thanks and lots of love to both of u
Hello Vijay - that is a great question. So... short answer. The QUIC protocol has the potential of sending data in the initial packet of the handshake with a server that it has previously connected to. However, in practice we don't yet see this in use. QUIC handshakes every time. One of the concerns to deploying this feature in the wild is the exact one you mentioned, an attacker initiating the new connection. Stay tuned as the industry and the protocol gives us more detail around how QUIC will address this concern!
Awesome content. Chris is an amazing guy. I would love to see a man in the middle attack. More difficult = More valuable 😍. Thank you
Thank you!
I would love to see filtering out the spooky traffic and if it can be automated via a script or not… could be a better solution for monitoring home network…
that sounds good .
I would like to see the drawbacks of Wireshark. Can it have an impact on the OS stack?
Awesome content!
Glad you think so!