Ask Your Question
0

Can't no longer find Quic/Gquic protocol on Wireshark analysis

asked 2019-10-31 11:18:55 +0000

Tia-95 gravatar image

Anyone can explain me what should i do to capture QUIC/GQUIC packets? Which Wireshark version for current Gquic version?? I need to complete my university thesis and i can't continue. Since July or August, all worked fine. Thanks for your help!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-10-31 20:02:27 +0000

Guy Harris gravatar image

Anyone can explain me what should i do to capture QUIC/GQUIC packets?

Capture, or have Wireshark dissect?

Wireshark can capture any type of packet on, for example, Ethernet or 802.11. It may, however, either not be able to recognize and dissect some packet types, or may not recognize and dissect them by default.

Wireshark 3.0.x includes dissectors for both QUIC and GQUIC.

The GQUIC dissector attempts to guess whether UDP traffic is GQUIC or not; it doesn't necessarily do so successfully. No changes have been made to it in Wireshark 3.0.x since January 2019.

The QUIC dissector attempts to guess whether UDP traffic is QUIC or not; it doesn't necessarily do so successfully. You can also use Wireshark's "Decode As..." to specify that traffic to or from a particular UDP port be dissected as QUIC. No changes have been made to it in Wireshark 3.0.x since May 2019.

edit flag offensive delete link more

Comments

It's impossible that no changes have been made since May. Now i can use "Decode As.." to UDP port, but GQUIC packets info are only "Payload (Encrypted)". I can't see a clear Handshake (ClientHello, Rejection, etc.). That's why something is changed from May (maybe actual gquic version implemented in web, by google, is different from Gquic version used in May and Wireshark didn't implemented last version yet). Thank you

Tia-95 gravatar imageTia-95 ( 2019-11-01 11:37:42 +0000 )edit

It's impossible that no changes have been made since May.

It's impossible that relevant changes were made to the 3.0.x GQUIC since 2019-01-21, because the last commit for epan/dissectors/packet-gquic.c on the 3.0.x branch has a date of "Mon Jan 21 00:08:39 2019 +0100".

That's why something is changed from May (maybe actual gquic version implemented in web, by google,

That may have changed, but Wireshark didn't.

You will probably need to file a bug, with an example capture, on the Wireshark Bugzilla to get the GQUIC dissector changed.

Guy Harris gravatar imageGuy Harris ( 2019-11-01 16:42:07 +0000 )edit

When will Wiresharks Team release new version, that supports Quic Version Q046? Thanks

Tia-95 gravatar imageTia-95 ( 2019-11-06 11:27:29 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-10-31 11:18:55 +0000

Seen: 85 times

Last updated: Nov 01