Ask Your Question

quic malformed packet error

asked 2019-06-14 02:09:05 +0000

psyspy gravatar image

updated 2019-06-14 02:10:50 +0000


Looks like latest version of QUIC isn't being dissected by wireshark. I captured Youtube traffic and opened it in wireshark. Unfortunately, it is unable to parse the latest version of QUIC "Q046". The data part (aka frames) format seem to be the same. Only the header format seems to have changed. I tried to find RFC for Q046. Couldn't find it. Any help is appreciated.

Thanks, psyspy

edit retag flag offensive close merge delete


Wireshark version?

The QUIC protocol and the Wireshark dissector for it are under development, so the state of Wireshark dissection is in flux.

grahamb gravatar imagegrahamb ( 2019-06-16 18:54:05 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2019-06-19 00:36:55 +0000

Lekensteyn gravatar image

updated 2019-06-19 00:38:44 +0000

Wireshark has reasonable support (dissection and decryption) for the QUIC version that is in development by the IETF working group, its status can be tracked at

You seem to be looking for Google's version of QUIC which is referred to by Wireshark as "gQUIC" with display filter gquic. It has no RFC since it is a proprietary protocol. Google will eventually replace their version of QUIC with the IETF version, similar to what they did with Google's SPDY protocol which got replaced by HTTP/2. Wireshark's gQUIC support lags behind and is not fully up-to-date. We may eventually tackle it, but right now my priority is implementing HTTP/3 support on top of IETF QUIC in Wireshark. Alexis La Goutte worked on gQUIC in the past, maybe he could make it compatible with newer gQUIC versions.

Some resources about Google's QUIC version:

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools



Asked: 2019-06-14 02:09:05 +0000

Seen: 1,039 times

Last updated: Jun 19 '19