Hi Wireshark community, Greetings from me!
I have one question related to classifying the flow as QUIC protocol. >From the attached pcap file, we can see if missing Initial/Handshake packets, Wireshark doesn't deem the flow as QUIC flow, and I am just wondering whether it makes sense to classify the flow as QUIC if: (1) The flow uses UDP 443 port; (2) The first two bits of the packet meet the short header packet requirement, i.e., (first_byte & 0xc0) == 0x40. I am not sure whether the above criteria is too broad that can misclassify many flows as QUIC, and am very appreciative if someone can give some insights, thanks very much in advance! Best Regards Nan Xiao
quic_missing_initial.pcap
Description: Binary data
_______________________________________________ Wireshark-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
