Can wireshark be set up to differentiate if a QUIC pcap is GQUIC or IETF QUIC?
Can wireshark be set up to differentiate if a QUIC pcap is GQUIC or IETF QUIC?
1 Answer
- Sort by
oldest newest most voted
0
Maybe.
View->Internals->Dissector Tables then search on "quic".
GQUIC and QUIC are registered as udp Heuristics.
From the WSUG (User's Guide):
As Wireshark tries to find the right dissector for each packet (using static “routes” and heuristics “guessing”), it might choose the wrong dissector in your specific case.
Wireshark makes a SWAG and does it's best.
There are captures attached to 13881 - Add (IETF) QUIC Dissector and 15984 - gquic parser Q046 support that show each protocol dissected.
Your Answer
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments