wiki:doc/Snowflake/Fingerprinting

Page to keep notes about the fingerprintability of WebRTC, relevant to the Snowflake pluggable transport.

Tech report "Fingerprintability of WebRTC" by David Fifield and Mia Gil Epner: https://arxiv.org/abs/1605.08805.

An analysis of use of WebRTC by some mobile apps: https://andyet.com/webrtc-reports/.

Potential identifying features:

  • STUN: USERNAME attribute, free-form text.
  • STUN: optional FINGERPRINT attribute.
  • STUN: optional(?) SOFTWARE attribute.
  • STUN attributes in general: their type and order.
  • DTLS: client ciphersuites (type and order).
  • DTLS: client extensions (type and order).
  • DTLS: server extensions (type and order).
  • DTLS: certificate validity period.

DNS seems like no big deal? Other layers to look at?

Data channels use DTLS while non-data (media, video) use SRTP. WebRTC Data Channels: "In the WebRTC framework, communication between the parties consists of media (for example audio and video) and non-media data. Media is sent using SRTP, and is not specified further here. Non-media data is handled by using SCTP [RFC4960] encapsulated in DTLS." Web Real-Time Communication (WebRTC): Media Transport and Use of RTP

Bro script to fingerprint DTLS

https://github.com/miagilepner/DTLS-fingerprint

Snowflake Dissections

DTLS

The unknown (0x0017) extension is present in all DTLS communication and is concerning. Looks like 0x0017 is extended master secret.


Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 110
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 98
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 98
            Version: DTLS 1.0 (0xfeff)
            Random
                GMT Unix Time: Nov 15, 2056 17:39:12.000000000 PST
                Random Bytes: 061231403fafc5f8592806c668f47fd7c8723693e723f3d6...
            Session ID Length: 0
            Cookie Length: 0
            Cipher Suites Length: 18
            Cipher Suites (9 suites)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 38
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: Unknown 23
                Type: Unknown (0x0017)
                Length: 0
                Data (0 bytes)
            Extension: SessionTicket TLS
                Type: SessionTicket TLS (0x0023)
                Length: 0
                Data (0 bytes)
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 5
                Data (5 bytes)
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
            Extension: elliptic_curves
                Type: elliptic_curves (0x000a)
                Length: 6
                Elliptic Curves Length: 4
                Elliptic curves (2 curves)
                    Elliptic curve: secp256r1 (0x0017)
                    Elliptic curve: secp384r1 (0x0018)


Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 80
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 68
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 68
            Version: DTLS 1.0 (0xfeff)
            Random
                GMT Unix Time: Feb  3, 2016 12:40:26.000000000 PST
                Random Bytes: 77a5a5590ca7147b4130e4f92bc6de09954c7ba9b8e00753...
            Session ID Length: 0
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Compression Method: null (0)
            Extensions Length: 28
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: Unknown 23
                Type: Unknown (0x0017)
                Length: 0
                Data (0 bytes)
            Extension: SessionTicket TLS
                Type: SessionTicket TLS (0x0023)
                Length: 0
                Data (0 bytes)
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 5
                Data (5 bytes)
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 431
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 419
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 419
            Certificates Length: 416
            Certificates (416 bytes)
                Certificate Length: 413
                Certificate (id-at-commonName=WebRTC)
                    signedCertificate
                        serialNumber: -199448578203076297
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=WebRTC)
                                RDNSequence item: 1 item (id-at-commonName=WebRTC)
                                    RelativeDistinguishedName item (id-at-commonName=WebRTC)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: WebRTC
                        validity
                            notBefore: utcTime (0)
                                utcTime: 16-02-02 20:40:24 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 16-03-04 20:40:24 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=WebRTC)
                                RDNSequence item: 1 item (id-at-commonName=WebRTC)
                                    RelativeDistinguishedName item (id-at-commonName=WebRTC)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: WebRTC
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            Padding: 0
                            subjectPublicKey: 30818902818100f80b20502afafd6ce3c2da226231dc04b3...
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: 8ad10f58e3bd116f2d44632775018cde8e5bc51acb4dc914...
    DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 2
        Length: 211
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 199
            Message Sequence: 2
            Fragment Offset: 0
            Fragment Length: 199
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: secp256r1 (0x0017)
                Pubkey Length: 65
                Pubkey: 04042d88c974e3c5aead9b9602e16be7eee110a5bf5b6c07...
                Signature Length: 128
                Signature: 2921d3af691af98af3988b518416caaef54e2cda54f0694f...
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate Request
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 3
        Length: 17
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 5
            Message Sequence: 3
            Fragment Offset: 0
            Fragment Length: 5
            Certificate types count: 2
            Certificate types (2 types)
                Certificate type: RSA Sign (1)
                Certificate type: ECDSA Sign (64)
            Distinguished Names Length: 0
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 4
        Length: 12
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0
            Message Sequence: 4
            Fragment Offset: 0
            Fragment Length: 0

Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 431
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 419
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 419
            Certificates Length: 416
            Certificates (416 bytes)
                Certificate Length: 413
                Certificate (id-at-commonName=WebRTC)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 968514978
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=WebRTC)
                                RDNSequence item: 1 item (id-at-commonName=WebRTC)
                                    RelativeDistinguishedName item (id-at-commonName=WebRTC)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: WebRTC
                        validity
                            notBefore: utcTime (0)
                                utcTime: 16-01-27 21:22:56 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 16-02-26 21:22:56 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=WebRTC)
                                RDNSequence item: 1 item (id-at-commonName=WebRTC)
                                    RelativeDistinguishedName item (id-at-commonName=WebRTC)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: WebRTC
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            Padding: 0
                            subjectPublicKey: 30818902818100c6d0e52fb7906d54726fff0d4d5a611a5d...
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: 3787bcc099fd7d1fede13e633b79de93aedc62336b6e8ef0...
    DTLSv1.0 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 2
        Length: 78
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 66
            Message Sequence: 2
            Fragment Offset: 0
            Fragment Length: 66
            EC Diffie-Hellman Client Params
                Pubkey Length: 65
                Pubkey: 04be8aed734fd935d017b11d9e0d36401989a9a535bbe9ab...
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate Verify
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 3
        Length: 142
        Handshake Protocol: Certificate Verify
            Handshake Type: Certificate Verify (15)
            Length: 130
            Message Sequence: 3
            Fragment Offset: 0
            Fragment Length: 130
    DTLSv1.0 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 4
        Length: 1
        Change Cipher Spec Message
    Record Layer
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 1
        Sequence Number: 0
        Length: 64
        Handshake Protocol


Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: New Session Ticket
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 5
        Length: 610
        Handshake Protocol: New Session Ticket
            Handshake Type: New Session Ticket (4)
            Length: 598
            Message Sequence: 5
            Fragment Offset: 0
            Fragment Length: 598
            TLS Session Ticket
                Session Ticket Lifetime Hint: 7200
                Session Ticket Length: 592
                Session Ticket: aeb7218d071c2610c61f708141dcb625c90ae8703c1aaf1b...
    DTLSv1.0 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 6
        Length: 1
        Change Cipher Spec Message
    Record Layer
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 1
        Sequence Number: 0
        Length: 64
        Handshake Protocol

STUN

Session Traversal Utilities for NAT
    [Response In: 2]
    Message Type: 0x0001 (Binding Request)
        .... ...0 ...0 .... = Message Class: 0x0000
        [Request (0)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 0
    Message Cookie: 2112a442
    Message Transaction ID: 4734332b507130774f7a2b31


Session Traversal Utilities for NAT
    [Request In: 1]
    [Time: 0.071000000 seconds]
    Message Type: 0x0101 (Binding Success Response)
        .... ...1 ...0 .... = Message Class: 0x0010
        [Success Response (2)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 12
    Message Cookie: 2112a442
    Message Transaction ID: 4734332b507130774f7a2b31
    Attributes
        XOR-MAPPED-ADDRESS: 192.0.2.10:56631
            Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port (XOR-d): fc25
            [Port: 56631]
            IP (XOR-d): 83fcba14
            [IP: 192.0.2.10 (192.0.2.10)]


Session Traversal Utilities for NAT
    [Response In: 13]
    Message Type: 0x0001 (Binding Request)
        .... ...0 ...0 .... = Message Class: 0x0000
        [Request (0)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 96
    Message Cookie: 2112a442
    Message Transaction ID: 6152536e75732b364a494538
    Attributes
        USERNAME: kobaHqEbY+V1ziVB:T+bbk5iYxqr95mKy
            Attribute Type: USERNAME (0x0006)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 33
            Username: kobaHqEbY+V1ziVB:T+bbk5iYxqr95mKy
            Padding: 3
        ICE-CONTROLLING
            Attribute Type: ICE-CONTROLLING (0x802a)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Tie breaker: 9ef84ba2fafac8a8
        USE-CANDIDATE
            Attribute Type: USE-CANDIDATE (0x0025)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 0
        PRIORITY
            Attribute Type: PRIORITY (0x0024)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            Priority: 1853759231
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: 66f748838e0a05e60fc56e3345937ad40f19221c
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x76c1aa8f


Session Traversal Utilities for NAT
    [Request In: 3]
    [Time: 0.290224000 seconds]
    Message Type: 0x0101 (Binding Success Response)
        .... ...1 ...0 .... = Message Class: 0x0010
        [Success Response (2)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 44
    Message Cookie: 2112a442
    Message Transaction ID: 6152536e75732b364a494538
    Attributes
        XOR-MAPPED-ADDRESS: 192.0.2.10:56631
            Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port (XOR-d): fc25
            [Port: 56631]
            IP (XOR-d): 83fcba14
            [IP: 192.0.2.10 (192.0.2.10)]
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: aac12f05a0635a534e794e7c6273ea6a5c2945ed
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x69ae371e

Session Traversal Utilities for NAT
    [Response In: 5]
    Message Type: 0x0001 (Binding Request)
        .... ...0 ...0 .... = Message Class: 0x0000
        [Request (0)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 92
    Message Cookie: 2112a442
    Message Transaction ID: 6e2b51714d6e734250714a48
    Attributes
        USERNAME: T+bbk5iYxqr95mKy:kobaHqEbY+V1ziVB
            Attribute Type: USERNAME (0x0006)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 33
            Username: T+bbk5iYxqr95mKy:kobaHqEbY+V1ziVB
            Padding: 3
        ICE-CONTROLLED
            Attribute Type: ICE-CONTROLLED (0x8029)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Tie breaker: 4e2bfda493c8265e
        PRIORITY
            Attribute Type: PRIORITY (0x0024)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            Priority: 1853824767
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: d09add55f86f6d1780afd4b9ab4780fe1350ef1e
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x969a56c0


Session Traversal Utilities for NAT
    [Request In: 4]
    [Time: 0.000331000 seconds]
    Message Type: 0x0101 (Binding Success Response)
        .... ...1 ...0 .... = Message Class: 0x0010
        [Success Response (2)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 44
    Message Cookie: 2112a442
    Message Transaction ID: 6e2b51714d6e734250714a48
    Attributes
        XOR-MAPPED-ADDRESS: 199.241.201.138:51749
            Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port (XOR-d): eb37
            [Port: 51749]
            IP (XOR-d): e6e36dc8
            [IP: 199.241.201.138 (199.241.201.138)]
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: e61427b2b55c60c2d135262e947bdfe26f2c0f9b
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0xca4bdcce

OpenTokRTC Dissections

These are of https://opentokrtc.com/

DNS

DNS Queries (A and AAAA).

Domain Name System (query)
    Transaction ID: 0x75f7
    Flags: 0x0100 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        mantis004-sjc.tokbox.com: type A, class IN
            Name: mantis004-sjc.tokbox.com
            [Name Length: 24]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)

Domain Name System (query)
    Transaction ID: 0xecea
    Flags: 0x0100 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        mantis004-sjc.tokbox.com: type AAAA, class IN
            Name: mantis004-sjc.tokbox.com
            [Name Length: 24]
            [Label Count: 3]
            Type: AAAA (IPv6 Address) (28)
            Class: IN (0x0001)

DNS Responses (A and AAAA).

Domain Name System (response)
    Transaction ID: 0x75f7
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Queries
        mantis004-sjc.tokbox.com: type A, class IN
            Name: mantis004-sjc.tokbox.com
            [Name Length: 24]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        mantis004-sjc.tokbox.com: type A, class IN, addr 74.201.205.3
            Name: mantis004-sjc.tokbox.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 7200
            Data length: 4
            Address: mantis004-sjc.tokbox.com (74.201.205.3)

Domain Name System (response)
    Transaction ID: 0xecea
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 1
    Additional RRs: 0
    Queries
        mantis004-sjc.tokbox.com: type AAAA, class IN
            Name: mantis004-sjc.tokbox.com
            [Name Length: 24]
            [Label Count: 3]
            Type: AAAA (IPv6 Address) (28)
            Class: IN (0x0001)
    Authoritative nameservers
        tokbox.com: type SOA, class IN, mname ns1.p20.dynect.net
            Name: tokbox.com
            Type: SOA (Start Of a zone of Authority) (6)
            Class: IN (0x0001)
            Time to live: 60
            Data length: 46
            Primary name server: ns1.p20.dynect.net
            Responsible authority's mailbox: ops.tokbox.com
            Serial Number: 2785
            Refresh Interval: 3600 (1 hour)
            Retry Interval: 600 (10 minutes)
            Expire limit: 604800 (7 days)
            Minimum TTL: 60 (1 minute)

DTLS

Firefox

Client hello, using DTLSv1.0, offers 73 cipher suites and 58 elliptic curves. (dcf: wow, look at all the trash ciphersuites: anon/EXPORT/NULL. Whatever this is looks pretty insecure.)

Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 284
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 272
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 272
            Version: DTLS 1.0 (0xfeff)
            Random
                GMT Unix Time: Oct 24, 2033 15:10:17.000000000 PDT
                Random Bytes: 72f6edee1c5b0c9339761f8a4397d9e4cba5811856849cc6...
            Session ID Length: 0
            Cookie Length: 0
            Cipher Suites Length: 146
            Cipher Suites (73 suites)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)
                Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
                Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
                Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
                Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086)
                Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)
                Cipher Suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)
                Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a)
                Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA (0x0089)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)
                Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
                Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
                Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
                Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)
                Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
                Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
                Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
                Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043)
                Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)
                Cipher Suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)
                Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA (0x0034)
                Cipher Suite: TLS_DH_anon_WITH_SEED_CBC_SHA (0x009b)
                Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA (0x0046)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
                Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
                Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)
                Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)
                Cipher Suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)
                Cipher Suite: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x001b)
                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
                Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
                Cipher Suite: TLS_DH_RSA_WITH_DES_CBC_SHA (0x000f)
                Cipher Suite: TLS_DH_DSS_WITH_DES_CBC_SHA (0x000c)
                Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA (0x001a)
                Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
                Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
                Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
                Cipher Suite: TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000e)
                Cipher Suite: TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (0x000b)
                Cipher Suite: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x0019)
                Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
                Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
                Cipher Suite: TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006)
                Cipher Suite: TLS_ECDH_anon_WITH_NULL_SHA (0xc015)
                Cipher Suite: TLS_ECDH_RSA_WITH_NULL_SHA (0xc00b)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001)
                Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
                Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 84
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
                    EC point format: uncompressed (0)
                    EC point format: ansiX962_compressed_prime (1)
                    EC point format: ansiX962_compressed_char2 (2)
            Extension: elliptic_curves
                Type: elliptic_curves (0x000a)
                Length: 58
                Elliptic Curves Length: 56
                Elliptic curves (28 curves)
                    Elliptic curve: sect571r1 (0x000e)
                    Elliptic curve: sect571k1 (0x000d)
                    Elliptic curve: secp521r1 (0x0019)
                    Elliptic curve: brainpoolP512r1 (0x001c)
                    Elliptic curve: sect409k1 (0x000b)
                    Elliptic curve: sect409r1 (0x000c)
                    Elliptic curve: brainpoolP384r1 (0x001b)
                    Elliptic curve: secp384r1 (0x0018)
                    Elliptic curve: sect283k1 (0x0009)
                    Elliptic curve: sect283r1 (0x000a)
                    Elliptic curve: brainpoolP256r1 (0x001a)
                    Elliptic curve: secp256k1 (0x0016)
                    Elliptic curve: secp256r1 (0x0017)
                    Elliptic curve: sect239k1 (0x0008)
                    Elliptic curve: sect233k1 (0x0006)
                    Elliptic curve: sect233r1 (0x0007)
                    Elliptic curve: secp224k1 (0x0014)
                    Elliptic curve: secp224r1 (0x0015)
                    Elliptic curve: sect193r1 (0x0004)
                    Elliptic curve: sect193r2 (0x0005)
                    Elliptic curve: secp192k1 (0x0012)
                    Elliptic curve: secp192r1 (0x0013)
                    Elliptic curve: sect163k1 (0x0001)
                    Elliptic curve: sect163r1 (0x0002)
                    Elliptic curve: sect163r2 (0x0003)
                    Elliptic curve: secp160k1 (0x000f)
                    Elliptic curve: secp160r1 (0x0010)
                    Elliptic curve: secp160r2 (0x0011)
            Extension: Heartbeat
                Type: Heartbeat (0x000f)
                Length: 1
                Mode: Peer allowed to send requests (1)
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 5
                Data (5 bytes)

The server hello chooses 0xc00a cipher suite. The certificate exchanged at this point includes no information about the service being used. (dcf: I'm not familiar with this protocol. Check out how the first certificate has only a one-month validity period.)

Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 104
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 92
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 92
            Version: DTLS 1.0 (0xfeff)
            Random
                GMT Unix Time: Aug 12, 2005 06:36:11.000000000 PDT
                Random Bytes: da72433e51531543ee4e5c449700d9e055e912fc34fd5909...
            Session ID Length: 32
            Session ID (32 bytes)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
            Compression Method: null (0)
            Extensions Length: 20
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 5
                Data (5 bytes)
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 286
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 274
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 274
            Certificates Length: 271
            Certificates (271 bytes)
                Certificate Length: 268
                Certificate (id-at-commonName=2)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 3260359887
                        signature (iso.2.840.10045.4.3.2)
                            Algorithm Id: 1.2.840.10045.4.3.2 (iso.2.840.10045.4.3.2)
                        issuer: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=2)
                                RDNSequence item: 1 item (id-at-commonName=2)
                                    RelativeDistinguishedName item (id-at-commonName=2)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: 2
                        validity
                            notBefore: utcTime (0)
                                utcTime: 16-01-19 22:38:13 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 16-02-19 22:38:13 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=2)
                                RDNSequence item: 1 item (id-at-commonName=2)
                                    RelativeDistinguishedName item (id-at-commonName=2)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: 2
                        subjectPublicKeyInfo
                            algorithm (id-ecPublicKey)
                                Algorithm Id: 1.2.840.10045.2.1 (id-ecPublicKey)
                                ECParameters: namedCurve (0)
                                    namedCurve: 1.2.840.10045.3.1.7 (secp256r1)
                            Padding: 0
                            subjectPublicKey: 0453da6b9d9a4102960e077401f869db015bdaac4ce49a6c...
                    algorithmIdentifier (iso.2.840.10045.4.3.2)
                        Algorithm Id: 1.2.840.10045.4.3.2 (iso.2.840.10045.4.3.2)
                    Padding: 0
                    encrypted: 304502201062d3fb7b493022779e796399ab20442545c59a...
    DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 2
        Length: 154
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 142
            Message Sequence: 2
            Fragment Offset: 0
            Fragment Length: 142
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: secp256r1 (0x0017)
                Pubkey Length: 65
                Pubkey: 04094aba540abe15421362f07eddab781d1f7e766ad5cb83...
                Signature Length: 71
                Signature: 304502202b2ec5c601f846c295af8033308a973f617f4f19...
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate Request
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 3
        Length: 18
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 6
            Message Sequence: 3
            Fragment Offset: 0
            Fragment Length: 6
            Certificate types count: 3
            Certificate types (3 types)
                Certificate type: RSA Sign (1)
                Certificate type: ECDSA Sign (64)
                Certificate type: DSS Sign (2)
            Distinguished Names Length: 0
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 4
        Length: 12
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0
            Message Sequence: 4
            Fragment Offset: 0
            Fragment Length: 0

Then another certificate exchange with a revealing certificate, describing the STUN server:

Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 603
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 591
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 591
            Certificates Length: 588
            Certificates (588 bytes)
                Certificate Length: 585
                Certificate (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                    signedCertificate
                        serialNumber: -267696997996496148
                        signature (shaWithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                                RDNSequence item: 1 item (id-at-countryName=US)
                                    RelativeDistinguishedName item (id-at-countryName=US)
                                        Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: US
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: California
                                RDNSequence item: 1 item (id-at-localityName=San Francisco)
                                    RelativeDistinguishedName item (id-at-localityName=San Francisco)
                                        Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: San Francisco
                                RDNSequence item: 1 item (id-at-organizationName=Tokbox)
                                    RelativeDistinguishedName item (id-at-organizationName=Tokbox)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Tokbox
                                RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
                                    RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: mantis.tokbox.com
                        validity
                            notBefore: utcTime (0)
                                utcTime: 14-07-30 18:41:44 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 24-07-27 18:41:44 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                                RDNSequence item: 1 item (id-at-countryName=US)
                                    RelativeDistinguishedName item (id-at-countryName=US)
                                        Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: US
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: California
                                RDNSequence item: 1 item (id-at-localityName=San Francisco)
                                    RelativeDistinguishedName item (id-at-localityName=San Francisco)
                                        Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: San Francisco
                                RDNSequence item: 1 item (id-at-organizationName=Tokbox)
                                    RelativeDistinguishedName item (id-at-organizationName=Tokbox)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Tokbox
                                RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
                                    RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: mantis.tokbox.com
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            Padding: 0
                            subjectPublicKey: 30818902818100bea2170f27caed5cf16dc53f909932b869...
                    algorithmIdentifier (shaWithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                    Padding: 0
                    encrypted: ae89516a687d33a7ec9c75a66921bca1ae0e7e60586c58e2...
    DTLSv1.0 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 2
        Length: 78
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 66
            Message Sequence: 2
            Fragment Offset: 0
            Fragment Length: 66
            EC Diffie-Hellman Client Params
                Pubkey Length: 65
                Pubkey: 04e587aa9837220da69673630735f557b15f0e1a84212555...
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate Verify
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 3
        Length: 142
        Handshake Protocol: Certificate Verify
            Handshake Type: Certificate Verify (15)
            Length: 130
            Message Sequence: 3
            Fragment Offset: 0
            Fragment Length: 130
    DTLSv1.0 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 4
        Length: 1
        Change Cipher Spec Message
    Record Layer
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 1
        Sequence Number: 0
        Length: 64
        Handshake Protocol

And then another client hello happened, with a different DTLS version (DTLSv1.2) and different cipher suites and hash algorithms. The APN extension also reveals WebRTC.

Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: DTLS 1.2 (0xfefd)
        Epoch: 0
        Sequence Number: 0
        Length: 152
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 140
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 140
            Version: DTLS 1.2 (0xfefd)
            Random
                GMT Unix Time: Nov  7, 2055 01:44:02.000000000 PDT
                Random Bytes: c89aa6b07ee7a2ae228e132f8a9a32ae85de577e57c688ad...
            Session ID Length: 0
            Cookie Length: 0
            Cipher Suites Length: 16
            Cipher Suites (8 suites)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 82
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: elliptic_curves
                Type: elliptic_curves (0x000a)
                Length: 8
                Elliptic Curves Length: 6
                Elliptic curves (3 curves)
                    Elliptic curve: secp256r1 (0x0017)
                    Elliptic curve: secp384r1 (0x0018)
                    Elliptic curve: secp521r1 (0x0019)
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
            Extension: Application Layer Protocol Negotiation
                Type: Application Layer Protocol Negotiation (0x0010)
                Length: 18
                ALPN Extension Length: 16
                ALPN Protocol
                    ALPN string length: 6
                    ALPN Next Protocol: webrtc
                    ALPN string length: 8
                    ALPN Next Protocol: c-webrtc
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 7
                Data (7 bytes)
            Extension: signature_algorithms
                Type: signature_algorithms (0x000d)
                Length: 22
                Signature Hash Algorithms Length: 20
                Signature Hash Algorithms (10 algorithms)
                    Signature Hash Algorithm: 0x0401
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0501
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0601
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0403
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0503
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0603
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0203
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0402
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)

The server selects a different cipher suite:

Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 74
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 62
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 62
            Version: DTLS 1.0 (0xfeff)
            Random
                GMT Unix Time: Jan 15, 2091 20:41:00.000000000 PST
                Random Bytes: 6114446e461d87fb0431cf4cd8273d15072b66c0ed52bb40...
            Session ID Length: 0
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
            Compression Method: null (0)
            Extensions Length: 22
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
                    EC point format: uncompressed (0)
                    EC point format: ansiX962_compressed_prime (1)
                    EC point format: ansiX962_compressed_char2 (2)
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 5
                Data (5 bytes)
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 603
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 591
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 591
            Certificates Length: 588
            Certificates (588 bytes)
                Certificate Length: 585
                Certificate (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                    signedCertificate
                        serialNumber: -267696997996496148
                        signature (shaWithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                                RDNSequence item: 1 item (id-at-countryName=US)
                                    RelativeDistinguishedName item (id-at-countryName=US)
                                        Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: US
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: California
                                RDNSequence item: 1 item (id-at-localityName=San Francisco)
                                    RelativeDistinguishedName item (id-at-localityName=San Francisco)
                                        Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: San Francisco
                                RDNSequence item: 1 item (id-at-organizationName=Tokbox)
                                    RelativeDistinguishedName item (id-at-organizationName=Tokbox)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Tokbox
                                RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
                                    RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: mantis.tokbox.com
                        validity
                            notBefore: utcTime (0)
                                utcTime: 14-07-30 18:41:44 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 24-07-27 18:41:44 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                                RDNSequence item: 1 item (id-at-countryName=US)
                                    RelativeDistinguishedName item (id-at-countryName=US)
                                        Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: US
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: California
                                RDNSequence item: 1 item (id-at-localityName=San Francisco)
                                    RelativeDistinguishedName item (id-at-localityName=San Francisco)
                                        Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: San Francisco
                                RDNSequence item: 1 item (id-at-organizationName=Tokbox)
                                    RelativeDistinguishedName item (id-at-organizationName=Tokbox)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Tokbox
                                RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
                                    RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: mantis.tokbox.com
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            Padding: 0
                            subjectPublicKey: 30818902818100bea2170f27caed5cf16dc53f909932b869...
                    algorithmIdentifier (shaWithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                    Padding: 0
                    encrypted: ae89516a687d33a7ec9c75a66921bca1ae0e7e60586c58e2...
    DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 2
        Length: 211
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 199
            Message Sequence: 2
            Fragment Offset: 0
            Fragment Length: 199
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: secp256r1 (0x0017)
                Pubkey Length: 65
                Pubkey: 04ccbb0e527b32a548a5d60c4ed0dedafeb9f7dd501fafa5...
                Signature Length: 128
                Signature: 60f3f0251e1147924af3d54ba0d6ff698fb8528ac8bbad1c...
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 3
        Length: 12
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0
            Message Sequence: 3
            Fragment Offset: 0
            Fragment Length: 0

Chrome

Same 73 trash cipher suites, same 28 ECs as Firefox.

Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 284
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 272
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 272
            Version: DTLS 1.0 (0xfeff)
            Random
                GMT Unix Time: Jun 30, 2096 12:59:49.000000000 PDT
                Random Bytes: 6626d676c93f15cdc4d3ddf9d22bac7de556b7d9cc5c8768...
            Session ID Length: 0
            Cookie Length: 0
            Cipher Suites Length: 146
            Cipher Suites (73 suites)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)
                Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
                Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
                Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
                Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086)
                Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)
                Cipher Suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)
                Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a)
                Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA (0x0089)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)
                Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
                Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
                Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
                Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)
                Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
                Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
                Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
                Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043)
                Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)
                Cipher Suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)
                Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA (0x0034)
                Cipher Suite: TLS_DH_anon_WITH_SEED_CBC_SHA (0x009b)
                Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA (0x0046)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
                Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
                Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)
                Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)
                Cipher Suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)
                Cipher Suite: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x001b)
                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
                Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
                Cipher Suite: TLS_DH_RSA_WITH_DES_CBC_SHA (0x000f)
                Cipher Suite: TLS_DH_DSS_WITH_DES_CBC_SHA (0x000c)
                Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA (0x001a)
                Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
                Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
                Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
                Cipher Suite: TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000e)
                Cipher Suite: TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (0x000b)
                Cipher Suite: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x0019)
                Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
                Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
                Cipher Suite: TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006)
                Cipher Suite: TLS_ECDH_anon_WITH_NULL_SHA (0xc015)
                Cipher Suite: TLS_ECDH_RSA_WITH_NULL_SHA (0xc00b)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001)
                Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
                Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 84
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
                    EC point format: uncompressed (0)
                    EC point format: ansiX962_compressed_prime (1)
                    EC point format: ansiX962_compressed_char2 (2)
            Extension: elliptic_curves
                Type: elliptic_curves (0x000a)
                Length: 58
                Elliptic Curves Length: 56
                Elliptic curves (28 curves)
                    Elliptic curve: sect571r1 (0x000e)
                    Elliptic curve: sect571k1 (0x000d)
                    Elliptic curve: secp521r1 (0x0019)
                    Elliptic curve: brainpoolP512r1 (0x001c)
                    Elliptic curve: sect409k1 (0x000b)
                    Elliptic curve: sect409r1 (0x000c)
                    Elliptic curve: brainpoolP384r1 (0x001b)
                    Elliptic curve: secp384r1 (0x0018)
                    Elliptic curve: sect283k1 (0x0009)
                    Elliptic curve: sect283r1 (0x000a)
                    Elliptic curve: brainpoolP256r1 (0x001a)
                    Elliptic curve: secp256k1 (0x0016)
                    Elliptic curve: secp256r1 (0x0017)
                    Elliptic curve: sect239k1 (0x0008)
                    Elliptic curve: sect233k1 (0x0006)
                    Elliptic curve: sect233r1 (0x0007)
                    Elliptic curve: secp224k1 (0x0014)
                    Elliptic curve: secp224r1 (0x0015)
                    Elliptic curve: sect193r1 (0x0004)
                    Elliptic curve: sect193r2 (0x0005)
                    Elliptic curve: secp192k1 (0x0012)
                    Elliptic curve: secp192r1 (0x0013)
                    Elliptic curve: sect163k1 (0x0001)
                    Elliptic curve: sect163r1 (0x0002)
                    Elliptic curve: sect163r2 (0x0003)
                    Elliptic curve: secp160k1 (0x000f)
                    Elliptic curve: secp160r1 (0x0010)
                    Elliptic curve: secp160r2 (0x0011)
            Extension: Heartbeat
                Type: Heartbeat (0x000f)
                Length: 1
                Mode: Peer allowed to send requests (1)
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 5
                Data (5 bytes)

id-at-commonName=WebRTC instead of id-at-commonName=2. This cert is also only valid for 1 month.

Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 104
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 92
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 92
            Version: DTLS 1.0 (0xfeff)
            Random
                GMT Unix Time: Jan 28, 2016 16:18:35.000000000 PST
                Random Bytes: 141ae34bdea56488368a8d586f8224d4c0522145b26873d1...
            Session ID Length: 32
            Session ID (32 bytes)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Compression Method: null (0)
            Extensions Length: 20
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 5
                Data (5 bytes)
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 431
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 419
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 419
            Certificates Length: 416
            Certificates (416 bytes)
                Certificate Length: 413
                Certificate (id-at-commonName=WebRTC)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 1600761351
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=WebRTC)
                                RDNSequence item: 1 item (id-at-commonName=WebRTC)
                                    RelativeDistinguishedName item (id-at-commonName=WebRTC)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: WebRTC
                        validity
                            notBefore: utcTime (0)
                                utcTime: 16-01-22 23:00:39 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 16-02-21 23:00:39 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=WebRTC)
                                RDNSequence item: 1 item (id-at-commonName=WebRTC)
                                    RelativeDistinguishedName item (id-at-commonName=WebRTC)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: WebRTC
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            Padding: 0
                            subjectPublicKey: 30818902818100cb7a64ace273bdce8358b860e9c3659272...
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: 9bb28422e2424f334a3a7e67a1c35387df1ccfef88d05e71...
    DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 2
        Length: 211
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 199
            Message Sequence: 2
            Fragment Offset: 0
            Fragment Length: 199
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: secp256r1 (0x0017)
                Pubkey Length: 65
                Pubkey: 04b23c336a69f95437e43fbd56ff05508ac8262422c30f42...
                Signature Length: 128
                Signature: 6407311ad3f584629405e0f7320dcee94835df8f3333297c...
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate Request
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 3
        Length: 17
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 5
            Message Sequence: 3
            Fragment Offset: 0
            Fragment Length: 5
            Certificate types count: 2
            Certificate types (2 types)
                Certificate type: RSA Sign (1)
                Certificate type: ECDSA Sign (64)
            Distinguished Names Length: 0
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 4
        Length: 12
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0
            Message Sequence: 4
            Fragment Offset: 0
            Fragment Length: 0
Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 603
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 591
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 591
            Certificates Length: 588
            Certificates (588 bytes)
                Certificate Length: 585
                Certificate (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                    signedCertificate
                        serialNumber: -267696997996496148
                        signature (shaWithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                                RDNSequence item: 1 item (id-at-countryName=US)
                                    RelativeDistinguishedName item (id-at-countryName=US)
                                        Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: US
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: California
                                RDNSequence item: 1 item (id-at-localityName=San Francisco)
                                    RelativeDistinguishedName item (id-at-localityName=San Francisco)
                                        Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: San Francisco
                                RDNSequence item: 1 item (id-at-organizationName=Tokbox)
                                    RelativeDistinguishedName item (id-at-organizationName=Tokbox)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Tokbox
                                RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
                                    RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: mantis.tokbox.com
                        validity
                            notBefore: utcTime (0)
                                utcTime: 14-07-30 18:41:44 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 24-07-27 18:41:44 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                                RDNSequence item: 1 item (id-at-countryName=US)
                                    RelativeDistinguishedName item (id-at-countryName=US)
                                        Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: US
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: California
                                RDNSequence item: 1 item (id-at-localityName=San Francisco)
                                    RelativeDistinguishedName item (id-at-localityName=San Francisco)
                                        Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: San Francisco
                                RDNSequence item: 1 item (id-at-organizationName=Tokbox)
                                    RelativeDistinguishedName item (id-at-organizationName=Tokbox)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Tokbox
                                RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
                                    RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: mantis.tokbox.com
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            Padding: 0
                            subjectPublicKey: 30818902818100bea2170f27caed5cf16dc53f909932b869...
                    algorithmIdentifier (shaWithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                    Padding: 0
                    encrypted: ae89516a687d33a7ec9c75a66921bca1ae0e7e60586c58e2...
    DTLSv1.0 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 2
        Length: 78
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 66
            Message Sequence: 2
            Fragment Offset: 0
            Fragment Length: 66
            EC Diffie-Hellman Client Params
                Pubkey Length: 65
                Pubkey: 04c620ebe617992b983ec14eee36e0bbf18f1932c4ba26a0...
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate Verify
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 3
        Length: 142
        Handshake Protocol: Certificate Verify
            Handshake Type: Certificate Verify (15)
            Length: 130
            Message Sequence: 3
            Fragment Offset: 0
            Fragment Length: 130
    DTLSv1.0 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 4
        Length: 1
        Change Cipher Spec Message
    Record Layer
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 1
        Sequence Number: 0
        Length: 64
        Handshake Protocol

Second client hello. Weirdly, the first part of the packet says DTLS 1.0, second part says DTLS 1.2. Notice how extensions are different than the Firefox client hello.;

Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 150
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 138
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 138
            Version: DTLS 1.2 (0xfefd)
            Random
                GMT Unix Time: Sep  8, 1991 05:05:34.000000000 PDT
                Random Bytes: 367c6923a9da9b0f08ec82bcb97b8097011b4e167408fa88...
            Session ID Length: 0
            Cookie Length: 0
            Cipher Suites Length: 30
            Cipher Suites (15 suites)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14)
                Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 66
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
             Extension: Unknown 23
                Type: Unknown (0x0017)
                Length: 0
                Data (0 bytes)
            Extension: SessionTicket TLS
                Type: SessionTicket TLS (0x0023)
                Length: 0
                Data (0 bytes)
            Extension: signature_algorithms
                Type: signature_algorithms (0x000d)
                Length: 22
                Signature Hash Algorithms Length: 20
                Signature Hash Algorithms (10 algorithms)
                    Signature Hash Algorithm: 0x0601
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0603
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0501
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0503
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0401
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0403
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0301
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0303
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0203
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: ECDSA (3)
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 7
                Data (7 bytes)
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
            Extension: elliptic_curves
                Type: elliptic_curves (0x000a)
                Length: 6
                Elliptic Curves Length: 4
                Elliptic curves (2 curves)
                    Elliptic curve: secp256r1 (0x0017)
                    Elliptic curve: secp384r1 (0x0018)
Datagram Transport Layer Security
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 0
        Length: 74
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 62
            Message Sequence: 0
            Fragment Offset: 0
            Fragment Length: 62
            Version: DTLS 1.0 (0xfeff)
            Random
                GMT Unix Time: Nov 25, 2010 18:01:53.000000000 PST
                Random Bytes: ebde5bdcdd5dc0110ac8785585c210e1ee15e0a459d0d6c4...
            Session ID Length: 0
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Compression Method: null (0)
            Extensions Length: 22
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
                    EC point format: uncompressed (0)
                    EC point format: ansiX962_compressed_prime (1)
                    EC point format: ansiX962_compressed_char2 (2)
            Extension: use_srtp
                Type: use_srtp (0x000e)
                Length: 5
                Data (5 bytes)
    DTLSv1.0 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 1
        Length: 603
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 591
            Message Sequence: 1
            Fragment Offset: 0
            Fragment Length: 591
            Certificates Length: 588
            Certificates (588 bytes)
                Certificate Length: 585
                Certificate (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                    signedCertificate
                        serialNumber: -267696997996496148
                        signature (shaWithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                                RDNSequence item: 1 item (id-at-countryName=US)
                                    RelativeDistinguishedName item (id-at-countryName=US)
                                        Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: US
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: California
                                RDNSequence item: 1 item (id-at-localityName=San Francisco)
                                    RelativeDistinguishedName item (id-at-localityName=San Francisco)
                                        Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: San Francisco
                                RDNSequence item: 1 item (id-at-organizationName=Tokbox)
                                    RelativeDistinguishedName item (id-at-organizationName=Tokbox)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Tokbox
                                RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
                                    RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: mantis.tokbox.com
                        validity
                            notBefore: utcTime (0)
                                utcTime: 14-07-30 18:41:44 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 24-07-27 18:41:44 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
                                RDNSequence item: 1 item (id-at-countryName=US)
                                    RelativeDistinguishedName item (id-at-countryName=US)
                                        Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: US
                                RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
                                    RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
                                        Id: 2.5.4.8 (id-at-stateOrProvinceName)
                                        DirectoryString: printableString (1)
                                            printableString: California
                                RDNSequence item: 1 item (id-at-localityName=San Francisco)
                                    RelativeDistinguishedName item (id-at-localityName=San Francisco)
                                        Id: 2.5.4.7 (id-at-localityName)
                                        DirectoryString: printableString (1)
                                            printableString: San Francisco
                                RDNSequence item: 1 item (id-at-organizationName=Tokbox)
                                    RelativeDistinguishedName item (id-at-organizationName=Tokbox)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: Tokbox
                                RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
                                    RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: mantis.tokbox.com
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            Padding: 0
                            subjectPublicKey: 30818902818100bea2170f27caed5cf16dc53f909932b869...
                    algorithmIdentifier (shaWithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                    Padding: 0
                    encrypted: ae89516a687d33a7ec9c75a66921bca1ae0e7e60586c58e2...
    DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 2
        Length: 211
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 199
            Message Sequence: 2
            Fragment Offset: 0
            Fragment Length: 199
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: secp256r1 (0x0017)
                Pubkey Length: 65
                Pubkey: 0428bd3b98a7f80c4a8c276ed24a437f835e1c42e6cc61ad...
                Signature Length: 128
                Signature: 93f2b2753ecb4a80048b2e21826925e6ea7c46e1bd99769f...
    DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: DTLS 1.0 (0xfeff)
        Epoch: 0
        Sequence Number: 3
        Length: 12
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0
            Message Sequence: 3
            Fragment Offset: 0
            Fragment Length: 0

STUN

Binding Requests

Here is the binding request, the first STUN packet. The fingerprint and transaction ID are potentials for discovery:

Session Traversal Utilities for NAT
    Message Type: 0x0001 (Binding Request)
        .... ...0 ...0 .... = Message Class: 0x0000
        [Request (0)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 8
    Message Cookie: 2112a442
    Message Transaction ID: 1ea1d16f0e1794e75c98f212
    Attributes
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x58615c53

And here is the binding success response, coming from the STUN server to the client:

Session Traversal Utilities for NAT
    Message Type: 0x0101 (Binding Success Response)
        .... ...1 ...0 .... = Message Class: 0x0010
        [Success Response (2)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 80
    Message Cookie: 2112a442
    Message Transaction ID: 1ea1d16f0e1794e75c98f212
    Attributes
        XOR-MAPPED-ADDRESS: 192.0.2.10:38645
            Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port (XOR-d): b7e7
            [Port: 38645]
            IP (XOR-d): 83fcba14
            [IP: 192.0.2.10 (192.0.2.10)]
        MAPPED-ADDRESS: 192.0.2.10:38645
            Attribute Type: MAPPED-ADDRESS (0x0001)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port: 38645
            IP: 192.0.2.10 (192.0.2.10)
        RESPONSE-ORIGIN: 74.201.205.43:3478
            Attribute Type: RESPONSE-ORIGIN (0x802b)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port: 3478
            IP: 74.201.205.43 (74.201.205.43)
        SOFTWARE
            Attribute Type: SOFTWARE (0x8022)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 29
            Software: Citrix-3.2.5.1 'Marshal West'
            Padding: 3
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x0d6f9ab0

Slightly different binding request packet. This includes a username, tied to the client in the communication, and an ICE-CONTROLLING attribute:

Session Traversal Utilities for NAT
    Message Type: 0x0001 (Binding Request)
        .... ...0 ...0 .... = Message Class: 0x0000
        [Request (0)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 88
    Message Cookie: 2112a442
    Message Transaction ID: e23bffae1d781551e03ab4a5
<span style="background:lightgreen">    Attributes
<span style="background:red">        USERNAME: BEsGwY5xupyZbhln:7b4693c2</span>
            Attribute Type: USERNAME (0x0006)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 25
            Username: BEsGwY5xupyZbhln:7b4693c2
            Padding: 3
        USE-CANDIDATE
            Attribute Type: USE-CANDIDATE (0x0025)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 0
        PRIORITY
            Attribute Type: PRIORITY (0x0024)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            Priority: 1853686015
        ICE-CONTROLLING
            Attribute Type: ICE-CONTROLLING (0x802a)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Tie breaker: 456a56d73bf53ae0
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: 62bcd99bfabb384398611322966423550257f173
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x733a4947</span>
</pre>

And the response to that:

Session Traversal Utilities for NAT
    Message Type: 0x0101 (Binding Success Response)
        .... ...1 ...0 .... = Message Class: 0x0010
        [Success Response (2)]
        ..00 000. 000. 0001 = Message Method: 0x0001
        [Binding (0x001)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 44
    Message Cookie: 2112a442
    Message Transaction ID: e23bffae1d781551e03ab4a5
    Attributes
        XOR-MAPPED-ADDRESS: 192.0.2.10:38645
            Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port (XOR-d): b7e7
            [Port: 38645]
            IP (XOR-d): 83fcba14
            [IP: 192.0.2.10 (192.0.2.10)]
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: f5883b9e52e311242d66ed99dfb7a0a1ae49b56f
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x0bc6ce07

Allocate requests

Here is the first allocate request packet:

Session Traversal Utilities for NAT
    Message Type: 0x0003 (Allocate Request)
        .... ...0 ...0 .... = Message Class: 0x0000
        [Request (0)]
        ..00 000. 000. 0011 = Message Method: 0x0003
        [Allocate (0x003)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 24
    Message Cookie: 2112a442
    Message Transaction ID: 4dff273c1cff6d4ec5fc9292
    Attributes
        REQUESTED-TRANSPORT: UDP
            Attribute Type: REQUESTED-TRANSPORT (0x0019)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            Transport: UDP (0x11)
            Reserved: 000000
        LIFETIME 3600
            Attribute Type: LIFETIME (0x000d)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            Lifetime: 3600
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0xbe5775d9

And the response to the allocate request, which errors. This includes information about the server being visited:

Session Traversal Utilities for NAT
    Message Type: 0x0113 (Allocate Error Response)
        .... ...1 ...1 .... = Message Class: 0x0011
        [Error Response (3)]
        ..00 000. 000. 0011 = Message Method: 0x0003
        [Allocate (0x003)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 100
    Message Cookie: 2112a442
    Message Transaction ID: 4dff273c1cff6d4ec5fc9292
    Attributes
        ERROR-CODE 401 (Unauthorized): Unauthorised
            Attribute Type: ERROR-CODE (0x0009)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 16
            Reserved: 0000
            .... .100 = Error Class: 4
            Error Code: 1
            Error Reason Phrase: Unauthorised
        NONCE: 2e7ef3eff1331156
            Attribute Type: NONCE (0x0015)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 16
            Nonce: 2e7ef3eff1331156
        REALM: tokbox.com
            Attribute Type: REALM (0x0014)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 10
            Realm: tokbox.com
            Padding: 2
        SOFTWARE
            Attribute Type: SOFTWARE (0x8022)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 29
            Software: Citrix-3.2.5.1 'Marshal West'
            Padding: 3
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x2fb3b1da

Different allocate request, including username and realm (website):

Session Traversal Utilities for NAT
    Message Type: 0x0003 (Allocate Request)
        .... ...0 ...0 .... = Message Class: 0x0000
        [Request (0)]
        ..00 000. 000. 0011 = Message Method: 0x0003
        [Allocate (0x003)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 248
    Message Cookie: 2112a442
    Message Transaction ID: d468b300330fbdc123951d66
        USERNAME: 1453415893:1.2_MX40NDQ0MzEyMn5-MTQ1MzMyOTQ4ODAwM345TVE2VmpDMW5KTFVpdW84K0dTL2MzNmF-fg.5bbce808-6e2b-45d2-9240-201120fc41e5.fb04c070-5be0-4642-b4c4-843d847cdc95
            Attribute Type: USERNAME (0x0006)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 159
            Username: 1453415893:1.2_MX40NDQ0MzEyMn5-MTQ1MzMyOTQ4ODAwM345TVE2VmpDMW5KTFVpdW84K0dTL2MzNmF-fg.5bbce808-6e2b-45d2-9240-201120fc41e5.fb04c070-5be0-4642-b4c4-843d847cdc95
            Padding: 1
        REALM: tokbox.com
            Attribute Type: REALM (0x0014)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 10
            Realm: tokbox.com
            Padding: 2
        NONCE: 2e7ef3eff1331156
            Attribute Type: NONCE (0x0015)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 16
            Nonce: 2e7ef3eff1331156
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: 4e46acb02cd3ad0caea87de15c5b1c50a68f5ec6
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x3e3b0e4e

And the success response:

Session Traversal Utilities for NAT
    Message Type: 0x0103 (Allocate Success Response)
        .... ...1 ...0 .... = Message Class: 0x0010
        [Success Response (2)]
        ..00 000. 000. 0011 = Message Method: 0x0003
        [Allocate (0x003)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 100
    Message Cookie: 2112a442
    Message Transaction ID: d468b300330fbdc123951d66
    Attributes
        XOR-RELAYED-ADDRESS: 74.201.205.43:14002
            Attribute Type: XOR-RELAYED-ADDRESS (0x0016)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port (XOR-d): 17a0
            [Port: 14002]
            IP (XOR-d): 6bdb6969
            [IP: 74.201.205.43 (74.201.205.43)]
        XOR-MAPPED-ADDRESS: 192.0.2.10:38645
            Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port (XOR-d): b7e7
            [Port: 38645]
            IP (XOR-d): 83fcba14
            [IP: 192.0.2.10 (192.0.2.10)]
        LIFETIME 3600
            Attribute Type: LIFETIME (0x000d)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            Lifetime: 3600
        SOFTWARE
            Attribute Type: SOFTWARE (0x8022)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 29
            Software: Citrix-3.2.5.1 'Marshal West'
            Padding: 3
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: 5d58469abd4b33c21f5801752ba0aebfa33e6e15
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x5cf4e5c7

Create Permission Requests

Session Traversal Utilities for NAT
    Message Type: 0x0008 (CreatePermission Request)
        .... ...0 ...0 .... = Message Class: 0x0000
        [Request (0)]
        ..00 000. 000. 1000 = Message Method: 0x0008
        [CreatePermission (0x008)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 244
    Message Cookie: 2112a442
    Message Transaction ID: 78455a7886a48015f059e05b
    Attributes
        XOR-PEER-ADDRESS: 74.201.205.3:26103
            Attribute Type: XOR-PEER-ADDRESS (0x0012)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port (XOR-d): 44e5
            [Port: 26103]
            IP (XOR-d): 6bdb6941
            [IP: 74.201.205.3 (74.201.205.3)]
        USERNAME: 1453415916:1.2_MX40NDQ0MzEyMn5-MTQ1MzMyOTQ4ODAwM345TVE2VmpDMW5KTFVpdW84K0dTL2MzNmF-fg.31f8dacc-294e-4b44-87c7-c6bf1d50a64a.7f085edd-49f5-4e45-ac04-76fee77527ca
            Attribute Type: USERNAME (0x0006)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 159
            Username: 1453415916:1.2_MX40NDQ0MzEyMn5-MTQ1MzMyOTQ4ODAwM345TVE2VmpDMW5KTFVpdW84K0dTL2MzNmF-fg.31f8dacc-294e-4b44-87c7-c6bf1d50a64a.7f085edd-49f5-4e45-ac04-76fee77527ca
            Padding: 1
        REALM: tokbox.com
            Attribute Type: REALM (0x0014)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 10
            Realm: tokbox.com
            Padding: 2
        NONCE: 37897cf24e67560f
            Attribute Type: NONCE (0x0015)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 16
            Nonce: 37897cf24e67560f
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: 85480b4f3c426600faf1ff50c089ad128debdc3a
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0x5bc32170

And the response:

Session Traversal Utilities for NAT
    Message Type: 0x0108 (CreatePermission Success Response)
        .... ...1 ...0 .... = Message Class: 0x0010
        [Success Response (2)]
        ..00 000. 000. 1000 = Message Method: 0x0008
        [CreatePermission (0x008)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 68
    Message Cookie: 2112a442
    Message Transaction ID: 78455a7886a48015f059e05b
    Attributes
        SOFTWARE
            Attribute Type: SOFTWARE (0x8022)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 29
            Software: Citrix-3.2.5.1 'Marshal West'
            Padding: 3
        MESSAGE-INTEGRITY
            Attribute Type: MESSAGE-INTEGRITY (0x0008)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 20
            HMAC-SHA1: 0cf9c934b676a82a7ecd48a5aed5c9ff56a47639
        FINGERPRINT
            Attribute Type: FINGERPRINT (0x8028)
                1... .... .... .... = Attribute Type Comprehension: 0x0001
                [Optional (1)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 4
            CRC-32: 0xdc967696

Send Indication

Looks like the dissection fails around the DATA part?

Session Traversal Utilities for NAT
    Message Type: 0x0016 (Send Indication)
        .... ...0 ...1 .... = Message Class: 0x0001
        [Indication (1)]
        ..00 000. 000. 0110 = Message Method: 0x0006
        [Send (0x006)]
        ..0. .... .... .... = Message Method Assignment: 0x0000
        [IETF Review (0)]
    Message Length: 132
    Message Cookie: 2112a442
    Message Transaction ID: 5d7f4e81a326a56af8613788
    Attributes
        XOR-PEER-ADDRESS: 74.201.205.3:26103
            Attribute Type: XOR-PEER-ADDRESS (0x0012)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 8
            Reserved: 00
            Protocol Family: IPv4 (0x01)
            Port (XOR-d): 44e5
            [Port: 26103]
            IP (XOR-d): 6bdb6941
            [IP: 74.201.205.3 (74.201.205.3)]
        DATA
            Attribute Type: DATA (0x0013)
                0... .... .... .... = Attribute Type Comprehension: 0x0000
                [Required (0)]
                .0.. .... .... .... = Attribute Type Assignment: 0x0000
                [IETF Review (0)]
            Attribute Length: 108
            Value: 000100582112a4422bb822ea46b85810b300a8aa00060019...
            Trivial File Transfer Protocol
                [Source File: ]
                Opcode: Read Request (1)
                Source File: 
                Type: X!\022\357\277\275B+\357\277\275"\357\277\275F\357\277\275X\020\357\277\275
                Option: \250\252\000 = \006\000
                    Option name: \357\277\275\357\277\275
                    Option value: \006
                Option: \031BVvJ5yJLt6HIDQQN:be827ba2\000 = \000
                    Option name: \031BVvJ5yJLt6HIDQQN:be827ba2
                    Option value: 
                Option: \000 = \000
                    Option name: 
                    Option value: 
                Option: %\000 = \000
                    Option name: %
                    Option value: 
                Option: \000 = $\000
                    Option name: 
                    Option value: $
                Option: \004n}\000 = \377\200*\000
                    Option name: \004n}
                    Option value: \357\277\275\357\277\275*
                Option: \b\210f\217\326H\216h\374\000 = \b\000
                    Option name: \b\357\277\275f\357\277\275\357\277\275H\357\277\275h\357\277\275
                    Option value: \b
[Malformed Packet: TFTP]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]
Last modified 14 months ago Last modified on Jul 13, 2016, 5:49:59 AM