while using Wireshark Version 3.2.5, cannot capture packets under QUIC, only shown as UDP. But the Wireshark document shows that it supports QUIC?
Asked
Active
Viewed 642 times
1 Answers
4
The support for QUIC in Wireshark is a work in progress. It's possible, and quite likely, that you would need to work with the latest development version of Wireshark when it comes to QUIC in order to have the best possible chance at having Wireshark dissect it properly for you.
There are at least 4 open QUIC-related bugs in the Wireshark bug tracker you may wish to follow:
- Bug 13881 - Add (IETF) QUIC Dissector
- Bug 15984 - gquic parser Q046 support
- Bug 16633 - Add gQUIC Q050 support (Initial)
- Bug 16712 - Not able to decrypt QUIC draft 22 faceb001
If you want to try to work with the latest development builds to see if QUIC dissection works better with one of those, then Depending on your OS, you may be able to download a recent installer from https://www.wireshark.org/download/automated/. If there's no installer available for your platform, you could try building Wireshark yourself from sources. Refer to the Wireshark Developer's Guide for information on that.
On the other hand, maybe it's as simple as setting the QUIC UDP port preference? You could try setting it via Wireshark's "Edit -> Preferences -> Protocols -> QUIC -> QUICK UDP port: ". Alternatively, you could try to force the traffic to be dissected as QUIC using Wireshark's "Decode As..." feature. This can be configured in at least 2 ways, either by Right-Clicking on a packet in the packet details pane and choosing "Decode As..." or from the Wireshark Analyze -> Decode As... menu. In either case, change the "Current" column data from whatever it is now to QUIC, then click OK.
Christopher Maynard
- 4,007
- 1
- 13
- 19