Decrypt datachannel(sctp) packet through wireshark

masonyunforlearning · January 3, 2025, 9:01am

Hello I am trying to verify Mediasoup datachannel packets through decrypting DTLS v1.2 packet.
I set cert and key file to worker. But DTLS decryption doesn’t work.
I tried to set key and cert files in worker like this :

 createWorker = async () => {
        this.worker = await mediasoup.createWorker({
            dtlsPrivateKeyFile: "/home/yun/ssl_revised/key.pem",
            dtlsCertificateFile: "/home/yun/ssl_revised/cert.pem",
            logLevel: "debug",
            logTags: [
                "info",
                "ice",
                "dtls",
                "srtp",
                "sctp"
            ]
        })
        this.worker.on('died', error => {
          Log(`Worker died by : ${error}`)  
        })
        await this.createRouter()
    }

and also got logs from worker like this

  mediasoup:Channel request() [method:WEBRTCTRANSPORT_CONNECT] +13ms
  mediasoup:Channel request succeeded [method:WEBRTCTRANSPORT_CONNECT, id:16] +0ms
  mediasoup:Channel [pid:264884] RTC::IceServer::HandleTuple() | transition from state 'new' to 'connected' [hasUseCandidate:false, hasNomination:false, nomination:0] +307ms
  mediasoup:Channel [pid:264884] RTC::WebRtcTransport::OnIceServerSelectedTuple() | ICE selected tuple +1ms
  mediasoup:Channel [pid:264884] RTC::WebRtcTransport::OnIceServerConnected() | ICE connected +0ms
  mediasoup:Channel [pid:264884] RTC::WebRtcTransport::MayRunDtlsTransport() | running DTLS transport in local role 'server' +1ms
  mediasoup:Channel [pid:264884] RTC::WebRtcTransport::OnDtlsTransportConnecting() | DTLS connecting +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::Run() | running [role:server] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | DTLS handshake start +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'before SSL initialization'] +1ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | role: server, waiting:'before SSL initialization'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'before SSL initialization'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS read client hello'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS write server hello'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS write certificate'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS write key exchange'] +10ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS write certificate request'] +1ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS write server done'] +2ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | role: server, waiting:'SSLv3/TLS write server done'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS write server done'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS read client certificate'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS read client key exchange'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS read certificate verify'] +1ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS read change cipher spec'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS read finished'] +3ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS write change cipher spec'] +1ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | [role:server, action:'SSLv3/TLS write finished'] +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::OnSslInfo() | DTLS handshake done +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::CheckRemoteFingerprint() | valid remote fingerprint +0ms
  mediasoup:Channel [pid:264884] RTC::DtlsTransport::GetNegotiatedSrtpCryptoSuite() | chosen SRTP crypto suite: SRTP_AEAD_AES_256_GCM +0ms
  mediasoup:Channel [pid:264884] RTC::WebRtcTransport::OnDtlsTransportConnected() | DTLS connected +0ms
  mediasoup:Channel [pid:264884] RTC::SctpAssociation::OnUsrSctpReceiveSctpNotification() | SCTP association connected, streams [out:1024, in:1024] +0ms
  mediasoup:Channel [pid:264884] RTC::IceServer::HandleTuple() | transition from state 'connected' to 'completed' [hasUseCandidate:true, hasNomination:false, nomination:0] +41ms
  mediasoup:Channel [pid:264884] RTC::WebRtcTransport::OnIceServerCompleted() | ICE completed +0ms
  mediasoup:Channel [pid:264884] RTC::SctpAssociation::onRecvSctpData() | data chunk received [length:5, streamId:0, SSN:0, TSN:974910224, PPID:51, context:0, flags:128] +10s
  mediasoup:Channel [pid:264884] RTC::SctpAssociation::onRecvSctpData() | data chunk received [length:5, streamId:0, SSN:0, TSN:3199918235, PPID:51, context:0, flags:128] +9s

This is screenshot of my wireshark DTLS setting:

Sincerely
Thank you

Topic		Replies	Views
Worker DTLS files best practices? mediasoup libraries	4	738	June 1, 2020
SRTP decryption invalid authTag in golang srtp lib Integration	3	24	October 1, 2024
DTLS handshake failed with custom Certificate when server has non standard MTU mediasoup libraries	12	2424	September 4, 2020
Encrypted Alert disconnect mediasoup libraries	3	692	August 25, 2020
DataChannel implemented! Announcements	2	2515	July 14, 2019

Decrypt datachannel(sctp) packet through wireshark

Related topics