Can no longer find QUIC/GQUIC protocol in Wireshark analysis

Can anyone explain to me what I should do to capture QUIC/GQUIC packets? Which Wireshark version for the current GQUIC version? I need to complete my university thesis and I can't continue. Since July or August, all worked fine. Thanks for your help!

Tia-95
asked 2019-10-31 11:18:55 +0000

1 Answer

Can anyone explain to me what I should do to capture QUIC/GQUIC packets?

Capture, or have Wireshark dissect?

Wireshark can capture any type of packet on, for example, Ethernet or 802.11. It may, however, either not be able to recognize and dissect some packet types, or may not recognize and dissect them by default.

Wireshark 3.0.x includes dissectors for both QUIC and GQUIC.

The GQUIC dissector attempts to guess whether UDP traffic is GQUIC or not; it doesn't necessarily do so successfully. No changes have been made to it in Wireshark 3.0.x since January 2019.

The QUIC dissector attempts to guess whether UDP traffic is QUIC or not; it doesn't necessarily do so successfully. You can also use Wireshark's "Decode As..." to specify that traffic to or from a particular UDP port be dissected as QUIC. No changes have been made to it in Wireshark 3.0.x since May 2019.

Guy Harris
answered 2019-10-31 20:02:27 +0000

Comments

It's impossible that no changes have been made since May. Now I can use "Decode As..." on the UDP port, but the GQUIC packet info is only "Payload (Encrypted)". I can't see a clear handshake (ClientHello, Rejection, etc.). That's why something has changed since May (maybe the actual GQUIC version implemented on the web, by Google, is different from the GQUIC version used in May, and Wireshark hasn't implemented the latest version yet). Thank you

Tia-95 (2019-11-01 11:37:42 +0000)

It's impossible that no changes have been made since May.

It's impossible that relevant changes were made to the 3.0.x GQUIC since 2019-01-21, because the last commit for epan/dissectors/packet-gquic.c on the 3.0.x branch has a date of "Mon Jan 21 00:08:39 2019 +0100".

That's why something has changed since May (maybe the actual GQUIC version implemented on the web, by Google,

That may have changed, but Wireshark didn't.

You will probably need to file a bug, with an example capture, on the Wireshark Bugzilla to get the GQUIC dissector changed.

Guy Harris (2019-11-01 16:42:07 +0000)

When will the Wireshark team release a new version that supports QUIC version Q046? Thanks

Tia-95 (2019-11-06 11:27:29 +0000)
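
An added example, not part of the original thread and not Wireshark's own code: a Python check of the kind of guess a GQUIC heuristic has to make, reading the version tag (such as the Q046 mentioned above) out of UDP payloads so you can tell which version a capture contains before filing a bug. The two header layouts it handles and the sample payloads are assumptions constructed for illustration.

```python
import re

# Version tags are ASCII "Q0dd" (for example the Q046 named in the thread).
VERSION_RE = re.compile(rb"Q0\d\d")

def gquic_version(payload: bytes):
    """Return the GQUIC version tag carried in a UDP payload, or None.

    Only packets that carry a version field (normally the client's first
    packets) can be identified; None means "no tag found", not "not GQUIC".
    """
    if not payload:
        return None
    first = payload[0]
    if first & 0x80:
        # Long-header layout (assumed for Q046): version follows byte 0.
        offset = 1
    elif first & 0x01:
        # Legacy public header (assumed): version flag set; skip the 8-byte
        # connection ID when the 0x08 flag says it is present.
        offset = 1 + (8 if first & 0x08 else 0)
    else:
        return None
    tag = payload[offset:offset + 4]
    return tag.decode("ascii") if VERSION_RE.fullmatch(tag) else None

def summarize(payloads):
    """Count version tags across payloads; the key None counts untagged packets."""
    counts = {}
    for p in payloads:
        v = gquic_version(p)
        counts[v] = counts.get(v, 0) + 1
    return counts

# Constructed sample payloads (not taken from a real capture).
SAMPLES = [
    bytes([0x0D]) + bytes(range(8)) + b"Q043" + b"\x01" + b"\x00" * 20,  # legacy header
    bytes([0xC3]) + b"Q046" + b"\x50" + bytes(range(8)) + b"\x00" * 20,  # long header
    bytes([0x40]) + bytes(range(8)) + b"\x00" * 20,          # short header, no version
    bytes([0x0D]) + bytes(range(8)) + b"\x00\x01\x02\x03",   # flag set, tag not Q0xx
    b"\x0d\x00",                                             # truncated packet
]

if __name__ == "__main__":
    for version, n in summarize(SAMPLES).items():
        print(version or "no version tag", n)
```

A capture whose tagged packets all report a version newer than the dissector was written for is the kind of evidence worth attaching to the bug report along with the sample capture.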