Dissect decrypted QUIC packets from Google

asked 2025-02-20 02:32:25 +0000

Linxiao Yu

updated 2025-02-20 02:37:51 +0000

Hi, everyone. I'm learning the QUIC protocol with Wireshark. When I capture traffic from www.google.com (or www.youtube.com), after using the TLS keylog.txt, Wireshark shows the decrypted QUIC panel. However, these decrypted payloads do not seem to be dissected properly as a higher-layer protocol (maybe HTTP3?). So, I could not export any useful objects from the decrypted traffic.

However, when I request other websites, e.g., www.xiaohongshu.com, which also uses QUIC, after importing keylog.txt, I could see the HTTP3 packets. So I wonder why this would happen.

I learned that Google may use its own QUIC version, i.e., GQUIC, but Wireshark seems to display my capture as normal QUIC traffic. I wonder if it is possible to dissect this decrypted Google/YouTube traffic, or am I doing something wrong in the decryption? Any help is appreciated. :)

Sorry that I don't have enough points to post images; I have uploaded the images, the .pcap, and the keylog.txt files for www.google.com, www.youtube.com and www.xiaohongshu.com separately. Sorry for the inconvenience. :)

The Wireshark version is: Version 4.4.3 (v4.4.3-0-g66d7a52feb06).

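Two things worth checking before assuming a dissector problem are (a) which QUIC version the captured packets actually carry, since Google's own "Qxxx" versions and IETF QUIC v1 look different in the version field, and (b) whether the key log file holds a complete set of TLS 1.3 secrets for each connection, since Wireshark cannot decrypt 1-RTT (application) packets without the `CLIENT_TRAFFIC_SECRET_0`/`SERVER_TRAFFIC_SECRET_0` lines. The script below is an added example, not code from the question or from Wireshark: it parses the version-independent QUIC long-header fields (RFC 8999) from raw packet bytes and groups NSS key log lines by client random to report missing labels. The sample packets and key log text are constructed for the example; the names `SAMPLE_INITIAL_V1`, `SAMPLE_INITIAL_GQUIC` and `SAMPLE_KEYLOG` are assumptions of this example.

```python
import struct

# Well-known version numbers (RFC 9000 and RFC 9369).
QUIC_V1 = 0x00000001
QUIC_V2 = 0x6B3343CF

# Labels Wireshark needs per connection to decrypt both handshake and 1-RTT QUIC packets.
QUIC_LABELS = (
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
)


def quic_version_name(version: int) -> str:
    """Map the 32-bit version field to a readable name."""
    if version == 0:
        return "version negotiation"
    if version == QUIC_V1:
        return "QUIC v1 (RFC 9000)"
    if version == QUIC_V2:
        return "QUIC v2 (RFC 9369)"
    raw = version.to_bytes(4, "big")
    # Google QUIC versions are encoded as ASCII 'Q' plus three digits, e.g. b"Q050".
    if raw[:1] == b"Q" and raw[1:].isdigit():
        return f"Google QUIC {raw.decode('ascii')}"
    # RFC 9000 reserves the pattern 0x?a?a?a?a for greasing.
    if version & 0x0F0F0F0F == 0x0A0A0A0A:
        return "reserved/greased version"
    return f"unknown 0x{version:08x}"


def parse_long_header(pkt: bytes) -> dict:
    """Parse the invariant long-header fields: first byte, version, DCID and SCID."""
    if len(pkt) < 5:
        raise ValueError("truncated QUIC packet")
    first = pkt[0]
    if not first & 0x80:
        raise ValueError("short-header packet: no version field on the wire")
    version = struct.unpack("!I", pkt[1:5])[0]
    off = 5
    dcid_len = pkt[off]
    off += 1
    dcid = pkt[off:off + dcid_len]
    off += dcid_len
    if off >= len(pkt) or len(dcid) != dcid_len:
        raise ValueError("truncated destination connection ID")
    scid_len = pkt[off]
    off += 1
    scid = pkt[off:off + scid_len]
    if len(scid) != scid_len:
        raise ValueError("truncated source connection ID")
    return {
        "version": version,
        "version_name": quic_version_name(version),
        "dcid": dcid.hex(),
        "scid": scid.hex(),
    }


def check_keylog(text: str) -> dict:
    """Return, per client random, the QUIC-relevant labels missing from an NSS key log."""
    labels_by_random = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:          # label, client_random (hex), secret (hex)
            continue
        label, client_random, _secret = parts
        labels_by_random.setdefault(client_random, set()).add(label)
    return {cr: sorted(set(QUIC_LABELS) - found) for cr, found in labels_by_random.items()}


# Constructed sample packets: long header (0xC0), version, 8-byte DCID, empty SCID.
SAMPLE_INITIAL_V1 = bytes([0xC0]) + QUIC_V1.to_bytes(4, "big") + bytes([8]) + bytes(range(8)) + bytes([0])
SAMPLE_INITIAL_GQUIC = bytes([0xC0]) + b"Q050" + bytes([8]) + bytes(8) + bytes([0])

# Constructed key log: connection "aa.." is complete, "bb.." only has handshake secrets.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, secrets are dummies",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "aa" * 32 + " " + "11" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "aa" * 32 + " " + "22" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "33" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "44" * 32,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "55" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "66" * 32,
])

if __name__ == "__main__":
    for pkt in (SAMPLE_INITIAL_V1, SAMPLE_INITIAL_GQUIC):
        print(parse_long_header(pkt))
    for cr, missing in check_keylog(SAMPLE_KEYLOG).items():
        print(cr[:8], "missing:", missing or "nothing")
```

To use it on a real capture, feed `parse_long_header` the UDP payload of the first packet of a connection (for example exported from Wireshark as raw bytes) and `check_keylog` the contents of keylog.txt; a connection whose client random lists `CLIENT_TRAFFIC_SECRET_0` and `SERVER_TRAFFIC_SECRET_0` as missing will show decrypted handshake packets but no decrypted application data.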