Ask Your Question
0

Can wireshark be set up to differentiate if a QUIC pcap is GQUIC or IETF QUIC?

asked 2022-05-05 21:39:03 +0000

jvthird gravatar image

Can wireshark be set up to differentiate if a QUIC pcap is GQUIC or IETF QUIC?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2022-05-06 13:20:03 +0000

Chuckc gravatar image

Maybe.
View->Internals->Dissector Tables then search on "quic".
GQUIC and QUIC are registered as udp Heuristics.
From the WSUG (User's Guide):

As Wireshark tries to find the right dissector for each packet (using static “routes” and heuristics “guessing”), it might choose the wrong dissector in your specific case.

Wireshark makes a SWAG and does it's best.

There are captures attached to 13881 - Add (IETF) QUIC Dissector and 15984 - gquic parser Q046 support that show each protocol dissected.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-05-05 21:39:03 +0000

Seen: 257 times

Last updated: May 06 '22

Related questions

How can i see quic packets?

how does wireshark support quic decryption

Can't no longer find Quic/Gquic protocol on Wireshark analysis

Parse SMB over QUIC packets

UDP packets to port 443 isn't labeled as GQUIC or QUIC

where does wireshark label a packet as UDP or QUIC in the code?

Quic decrypt problem