In trying to dissect captured QUIC traffic with tshark cannot set "decode as" (-d udp.port==5555,quic) protocol because quic is not recognized by tshark as layer protocol (-d '' does not list it). It is listed in decode_as_entries. "tshark -G decodes" does list it as well but tshark does not pick it up for some reason.
Would appreciate any suggestion on how to resolve this.
asked 07 Nov '16, 10:08
edited 07 Nov '16, 10:33
The solution is to either:
(It might work in versions earlier than 2.2--I didn't check exactly what version that functionality showed up in.)
answered 07 Nov '16, 13:03