Network Traffic Analysis for Web Browsing with DNS over HTTPS and HTTP/3.0
Google Chrome started supporting HTTP/3.0 in October 2020. Unlike the previous HTTP protocols, HTTP/3.0 uses UDP rather than TCP to avoid TCP head-of-line (HOL) blocking. This sample analysis was carried out during the Internet Society Sri Lanka Chapter webinar.
Download Link to Packet Capture: https://bit.ly/quicpcap
You need the Wireshark packet analyzer to do the analysis. If you have not installed Wireshark yet, it can be downloaded from https://www.wireshark.org/download.html
Then open the packet capture file in Wireshark and go to Statistics -> Flow Graph.
Here is the flow of the traffic while accessing Google.com.
Step 1: The PC with IP address 192.168.124.240 tries to resolve Google.com. Since DNS over HTTPS is enabled, DNS resolution happens over HTTPS. Since the Firefox browser which I used during this demonstration uses Cloudflare, a traffic stream on port 443/TCP with the TLSv1.2 protocol is first created to the Cloudflare resolver IP 104.16.248.249.
Step 2: After the successful name resolution, the PC connects to Google at IP address 74.125.68.104 on port 443/UDP with the QUIC protocol to retrieve the Google.com web page.
After closing the flow analysis window, click on a QUIC packet to verify the 443/UDP traffic flow.
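The same two checks (a TCP/443 stream to the DoH resolver, then QUIC on UDP/443) can be scripted when reviewing many packets. The Python below is an added example, not part of the original analysis: the packet record layout, function names and sample packets are constructed for illustration, the resolver IP is the one from Step 1, and the header layout is the version-independent QUIC long header from RFC 8999.

```python
import struct

# Resolver IP observed in Step 1 of the walkthrough; extend for other DoH providers.
DOH_RESOLVERS = {"104.16.248.249"}

def parse_quic_long_header(payload):
    """Parse the version-independent QUIC long header (RFC 8999).
    Returns a dict, or None when the payload is not a well-formed long header."""
    if len(payload) < 7 or not payload[0] & 0x80:   # high bit set = long header
        return None
    version = struct.unpack_from("!I", payload, 1)[0]
    pos = 5
    dcid_len = payload[pos]
    pos += 1
    if pos + dcid_len + 1 > len(payload):           # DCID plus the SCID length byte
        return None
    dcid = payload[pos:pos + dcid_len]
    pos += dcid_len
    scid_len = payload[pos]
    pos += 1
    if pos + scid_len > len(payload):               # truncated SCID
        return None
    scid = payload[pos:pos + scid_len]
    return {"version": version, "dcid": dcid.hex(), "scid": scid.hex()}

def classify(pkt):
    """Label one packet record (hypothetical layout: proto, dst, dport, payload)."""
    if pkt["dport"] != 443:
        return "other"
    if pkt["proto"] == "TCP":
        return "doh-candidate" if pkt["dst"] in DOH_RESOLVERS else "https"
    if pkt["proto"] != "UDP":
        return "other"
    hdr = parse_quic_long_header(pkt.get("payload", b""))
    if hdr is None:
        return "udp-443-unknown"    # short-header QUIC packet or not QUIC at all
    return "quic version=0x%08x dcid=%s" % (hdr["version"], hdr["dcid"])

# Constructed sample records (not taken from the capture file).
QUIC_INITIAL = (bytes([0xC0]) + struct.pack("!I", 1) + bytes([8])
                + bytes(range(8)) + bytes([0]) + bytes(20))
SAMPLE_PACKETS = [
    {"proto": "TCP", "dst": "104.16.248.249", "dport": 443},
    {"proto": "UDP", "dst": "74.125.68.104", "dport": 443, "payload": QUIC_INITIAL},
    {"proto": "UDP", "dst": "74.125.68.104", "dport": 443, "payload": b"\x40\x01\x02"},
    {"proto": "UDP", "dst": "74.125.68.104", "dport": 443,
     "payload": b"\xc0\x00\x00\x00\x01\x08\x00"},  # truncated connection ID
]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p["proto"], p["dst"], "->", classify(p))
```

Only the first packets of a QUIC connection carry the long header, so later packets of the same flow fall into the "udp-443-unknown" label and should be attributed by their 5-tuple.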
To Enable DNS over HTTPS in Firefox
Step 1: Click the menu button and select Preferences.
Step 2: In the General panel, scroll down to Network Settings and click the Settings button.
Step 3: In the dialog box that opens, scroll down to Enable DNS over HTTPS.
Click OK to save your changes and close the window.
To Enable HTTP/3.0 in Firefox
Step 1: Go to the address bar and type
about:config
and hit Enter.
Step 2: Click the Accept the Risk and Continue button.
Step 3: Search for
network.http.http3.enabled
and toggle it to true.
To Enable HTTP/3.0 in Google Chrome
Step 1: Go to the address bar and type
chrome://flags/#enable-quic
and hit Enter.
Step 2: Change the value from Default to Enabled.
Note that after enabling HTTP/3.0, websites hosted or proxied by Google, Facebook, YouTube and Cloudflare will be retrieved over HTTP/3.0, which makes YouTube faster and Google Docs slower.
Additional Tweaks
To verify DNS over HTTPS status, visit https://1.1.1.1/help
To check ESNI status for browser privacy, visit https://www.cloudflare.com/ssl/encrypted-sni/