Does tshark currently support QUIC packet analysis ?

asked 2020-03-04 09:56:32 +0000

I can see that wireshark successfully dissects QUIC packets. Is this possible using tshark as well ? If yes, what command will give the desired result?

Thanks :)

answered 2020-03-04 12:55:51 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

updated 2020-03-04 14:06:19 +0000

Wireshark and tshark use the same dissection code, so tshark can output the same dissection results as Wireshark. Normally the arguments you give to tshark are the capture file to use and any display filters required, see the tshark man page for more details.

What is the result you want?

edit flag offensive delete link

Comments

Essentially, I want to view the packet in the same format that it gets displayed in wireshark i.e. frame details followed by IP details followed by UDP details followed by QUIC details.

piano-man ( 2020-03-04 13:11:14 +0000 )edit

Then you would use the -V output option, (uppercase V), e.g.

tshark -r path\to\my\capture.pcapng -V

On Windows you may also have to prefix the command with the path to tshark.exe, e.g.

"C:\Program Files\Wireshark\tshark.exe" ...

grahamb ( 2020-03-04 14:06:07 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Does tshark currently support QUIC packet analysis ?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Does tshark currently support QUIC packet analysis ? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Does tshark currently support QUIC packet analysis ?