First time here? Check out the FAQ!

Ask Your Question
0

Can wireshark be set up to differentiate if a QUIC pcap is GQUIC or IETF QUIC?
 
  
 
  
 
 
 
 
 
 
    
        
        asked May 5 '2  
 
 jvthird gravatar image  
 
 
 
 
 
Can wireshark be set up to differentiate if a QUIC pcap is GQUIC or IETF QUIC?
 
Preview: (hide)
 
 
 
 
          
 
add a comment
 
 
 
 
 
 1 Answer
    
 
 
                    Sort by »
                     oldest newest most voted 
 
 
 
 
 
  
 
 
 
 
0
 
 
  
 
 
 
 
 
 
 
 
    
        
        answered May 6 '2  
 
 Chuckc gravatar image  
 
 
 
 
 
Maybe.
 View->Internals->Dissector Tables then search on "quic".
 GQUIC and QUIC are registered as udp Heuristics.

From the WSUG (User's Guide):
 
 
As Wireshark tries to find the right dissector for each packet (using static “routes” and heuristics “guessing”), it might choose the wrong dissector in your specific case.
 
 
Wireshark makes a SWAG and does it's best.
 
There are captures attached to 13881 - Add (IETF) QUIC Dissector and 15984 - gquic parser Q046 support that show each protocol dissected.
 
Preview: (hide)
 
 
 
 
         
        link
        
 
add a comment
 
 
 
 
  
 
 
 
 

    
        Your Answer
    

 
 Please start posting anonymously - your entry will be published after you log in or create a new account.

    

 
 
Add Answer
 
 
 
 
 
 
 
 
   
  
 
   
 
 
 
 
 
 
 
 
Question Tools
  
 

        
        
            1 follower
        
    
 
 
 subscribe to rss feed 
 
 
 
 
 
 
Stats
 

        Asked:  May 5 '2  
 
 
        Seen: 297 times 
 

        Last updated: May 06 '22 
 
 
 
Related questions
 
 
 How can i see quic packets? 
 
 how does wireshark support quic decryption 
 
 Can't no longer find Quic/Gquic protocol on Wireshark analysis 
 
 Parse SMB over QUIC packets 
 
 UDP packets to port 443 isn't labeled as GQUIC or QUIC 
 
 where does wireshark label a packet as UDP or QUIC in the code? 
 
 Quic decrypt problem