This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How wireshark recognize Quic protocol rather than normal udp packet

0

as the title,i don't see any flags to show whether it is a Quic or other

asked 14 Jun '15, 23:21

DavidNorth's gravatar image

DavidNorth
16336
accept rate: 0%

edited 15 Jun '15, 02:11

grahamb's gravatar image

grahamb ♦
19.8k330206

Do you have an example capture with the issue you can share, e.g. via Cloudshark, Google Drive, Dropbox, etc.

(15 Jun '15, 02:12) grahamb ♦

One Answer:

2

Wireshark recognizes UDP traffic to or from port 80 or 443 as being QUIC traffic. QUIC runs over UDP, so QUIC packets are normal UDP packets.

answered 15 Jun '15, 02:25

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Thanks a lot .

(16 Jun '15, 00:15) DavidNorth

Do wireshark decide by looking at the port numbers only? or will it validate L7 data too?

(05 Oct '16, 06:33) Brijesh Valera

Looking port number and for some dissector, there is a heuristic (but no for QUIC)

(06 Oct '16, 08:00) Alexis La Go...