Network Traffic Analysis for Web Browsing with DNS over HTTPS and HTTP/3.0

Kasun Chathuranga
Oct 28, 2020
HTTP/3.0 Reply from Google in Firefox Dev Console

Google Chrome started supporting HTTP/3.0 in October 2020. Unlike previous HTTP versions, HTTP/3.0 uses UDP rather than TCP to avoid TCP head-of-line (HOL) blocking. This sample analysis was carried out during the Internet Society Sri Lanka Chapter webinar.

Download Link to Packet Capture: https://bit.ly/quicpcap

You need the Wireshark packet analyzer to do the analysis. If you have not installed Wireshark yet, download it from https://www.wireshark.org/download.html.

Then open the packet capture file in Wireshark and go to Statistics -> Flow Graph.

Here is the flow of traffic while accessing Google.com.

Step 1: The PC with IP address 192.168.124.240 tries to resolve Google.com. Since DNS over HTTPS is enabled, DNS resolution happens over HTTPS. The Firefox browser I used for this demonstration uses Cloudflare, so a TLSv1.2 traffic stream on port 443/TCP is first created to the Cloudflare resolver IP 104.16.248.249.

DNS Resolving

Step 2: After successful name resolution, the PC connects to Google at IP address 74.125.68.104 on port 443/UDP using the QUIC protocol to retrieve the Google.com web page.

Web Traffic Over Port 443/UDP

After closing the Flow Graph window, click on a QUIC packet to verify the 443/UDP traffic flow.

443/UDP
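The same two-step reading of the flow graph can be done programmatically. The following is an added example, not part of the original post: it labels client-to-server packets as a DoH candidate (443/TCP to the resolver IP from Step 1) or as QUIC (443/UDP carrying a version-independent long header as defined in RFC 8999). The function names and the sample payload are constructed for illustration.

```python
import struct

# Resolver IP taken from Step 1 above; extend the set for other DoH providers.
DOH_RESOLVERS = {"104.16.248.249"}

def parse_quic_long_header(payload: bytes):
    """Parse the version-independent QUIC long header (RFC 8999).
    Returns a dict, or None if the payload is not a long-header packet."""
    if len(payload) < 7 or not payload[0] & 0x80:  # header form bit must be 1
        return None
    version = struct.unpack_from("!I", payload, 1)[0]
    pos, cids = 5, []
    for _ in range(2):                             # DCID first, then SCID
        if pos >= len(payload):
            return None
        n = payload[pos]                           # one-byte connection ID length
        pos += 1
        if pos + n > len(payload):
            return None                            # truncated, or not QUIC at all
        cids.append(payload[pos:pos + n].hex())
        pos += n
    return {"version": version, "dcid": cids[0], "scid": cids[1]}

def classify(proto, dst_ip, dst_port, payload=b""):
    """Label one client->server packet the way the flow graph is read above."""
    if proto == "tcp" and dst_port == 443 and dst_ip in DOH_RESOLVERS:
        return "doh-candidate"
    if proto == "udp" and dst_port == 443:
        hdr = parse_quic_long_header(payload)
        if hdr:
            return "quic-long-header v=0x%08x" % hdr["version"]
        return "udp443-unknown"   # short-header QUIC packets also land here
    return "other"

# Constructed sample packets (not extracted from the capture file).
# Long header: flags, version 0xff00001d, 8-byte DCID, empty SCID, padding.
QUIC_INITIAL = b"\xc0" + bytes.fromhex("ff00001d") + b"\x08" + bytes(range(8)) + b"\x00" + bytes(16)
SAMPLES = [
    ("tcp", "104.16.248.249", 443, b""),            # Step 1: DoH to the resolver
    ("udp", "74.125.68.104", 443, QUIC_INITIAL),    # Step 2: QUIC to Google
    ("udp", "74.125.68.104", 443, b"\x16\x03\x01"), # UDP/443 that is not a long header
    ("tcp", "74.125.68.104", 443, b""),             # ordinary HTTPS over TCP
]

def run():
    return [classify(*s) for s in SAMPLES]

if __name__ == "__main__":
    print("\n".join(run()))
```

The DoH label is only a candidate: TLS on 443/TCP to a known resolver IP looks like any other HTTPS session on the wire, so the match rests on the destination address alone.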

To Enable DNS over HTTPS in Firefox

Step 1: Click the menu button and select Preferences.
Step 2: In the General panel, scroll down to Network Settings and click the Settings button.
Step 3: In the dialog box that opens, scroll down to Enable DNS over HTTPS.
Click OK to save your changes and close the window.

To Enable HTTP/3.0 in Firefox

Step 1: Go to the address bar and type

about:config 

and hit enter

Step 2: Click the Accept the Risk and Continue button.

Step 3: Search for

network.http.http3.enabled

and toggle it to true.

To Enable HTTP/3.0 in Google Chrome

Step 1: Go to the address bar and type

chrome://flags/#enable-quic

and hit enter.

Step 2: Change the value from Default to Enabled

Note that after enabling HTTP/3.0, Google, Facebook, YouTube and Cloudflare-hosted/proxied websites will be retried over HTTP/3.0, which makes YouTube faster and Google Docs slower.

Additional Tweaks

To verify DNS over HTTPS status, visit https://1.1.1.1/help

To check ESNI status for browser privacy, visit https://www.cloudflare.com/ssl/encrypted-sni/

Correctly Configured Browser for Additional Privacy
