Datagram Transport Layer Security (DTLS)
DTLS is a derivation of SSL protocol. It provides the same security services (integrity, authentification and confidentiality) but under UDP protocol. DTLS is implemented by several projects including CyaSSL and the OpenSSL project.
History
This protocol was created to do that which SSL can't : to create a secure protocol under UDP. It's why this protocol is an adaptation of TLS 1.1
Protocol dependencies
UDP: Typically DTLS uses UDP as its transport protocol. There is no well known UDP port for DTLS traffic. OpenSSL v0.9.8b uses port 4433.
Example traffic
XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot).
Wireshark
The DTLS dissector works with the OpenSSL v0.9.8b DTLS implementation. It is worked on by Authesserre Samuel.
Preference Settings
If Wireshark is compiled with SSL decryption support, there will be a new option in the preferences for DTLS. This only works for RSA key exchange if the RSA keys can be provided.
RSA keys list
This option specifies the bindings between an IP address, a port, a protocol and a decryption key.
Example: 127.0.0.1,4433,http,/path/to/snakeoil2.key
You can specify several such bindings by separating them with ';'
Example: 127.0.0.1,4433,http,/path/to/snakeoil2.key;10.1.1.1,8080,dns,/other/path/key.pem
Example capture file
Set RSA keys list to 127.0.0.1,4433,http,/path/to/snakeoil-rsa.key to decrypt
Display Filter
A complete list of PROTO display filter fields can be found in the display filter reference
- Show only the DTLS based traffic:
dtls
Capture Filter
You cannot directly filter DTLS protocols while capturing. However, if you know the UDP port used (see above), you can filter on that one.
- Capture only the DTLS traffic over the default port (80):
udp port 80
External links
RFC 4347 Datagram Transport Layer Security - Definition of the DTLS protocol.
http://crypto.stanford.edu/~nagendra/papers/dtls.pdf The Design and Implementation of Datagram TLS - Why and how DTLS was made...