1

I am trying to capture QUIC traffic but am not able to. I tried to build Chromium from source as
mentioned in the Google wiki https://www.chromium.org/quic/playing-with-quic, but this is
cumbersome and I am running into all sorts of build issues.

Also, I tried the approach suggested here to capture
QUIC packets using Wireshark, but this wasn't helpful.

I also tried "chrome://net-internals" and managed to get a JSON file, and then I tried converting the JSON to pcap using info from https://www.h21lab.com/tools/json-to-pcap, but the script reports an error:

    json2pcap.py -p ./chrome-net-export-log.json
    Traceback (most recent call last):
      File "/usr/local/bin/json2pcap.py", line 527, in <module>
        py_generator(packet['_source']['layers'], r)
    TypeError: string indices must be integers

I downloaded the source for this script from https://github.com/H21lab/json2pcap.

I'd prefer capturing over generating those packets.
Other details -
Platform - macOS Catalina
Wireshark - 3.2.2
Chrome Browser

Thank you

golimoli
  • 1
    You may need to "decode as" quic in wireshark. [This question](https://ask.wireshark.org/question/12750/cant-no-longer-find-quicgquic-protocol-on-wireshark-analysis/) on the Wireshark forums is also relevant. – Ross Jacobs Mar 13 '20 at 21:12
  • 1
    Capturing and decoding IETF QUIC with recent builds of Wireshark works flawlessly, see https://github.com/quicwg/base-drafts/wiki/Tools for details. The problem might be that chromium does not speak IETF QUIC yet (but a variant derived from Google QUIC). – Peter Apr 05 '20 at 07:49
  • The json2pcap script accepts only JSON files generated from tshark. See json2pcap -h – user10617847 Oct 18 '20 at 06:42
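
Why the traceback in the question occurs, as an added example (not code from json2pcap or from any poster here): the failing line indexes each packet as `packet['_source']['layers']`, which matches the list of packet objects that `tshark -T json` writes. The sketch assumes a Chrome net-export log is a single JSON object with top-level `constants` and `events` keys and that json2pcap iterates over the loaded document; the function names and both sample inputs are constructed for illustration.

```python
import json

# Constructed sample in the shape of `tshark -T json` output: a list of packets.
TSHARK_SAMPLE = json.dumps([
    {"_index": "packets-1",
     "_source": {"layers": {"frame": {"frame.number": "1"},
                            "udp": {"udp.dstport": "443"}}}}
])

# Constructed sample in the assumed shape of a chrome://net-export log:
# one object, not a list of packets.
NETLOG_SAMPLE = json.dumps({"constants": {}, "events": [{"type": 1, "time": "100"}]})


def classify_capture_json(text):
    """Return 'tshark', 'chrome-netlog' or 'unknown' for a JSON document."""
    doc = json.loads(text)
    if isinstance(doc, list):
        # Every element must carry _source.layers, the path json2pcap reads.
        ok = bool(doc) and all(
            isinstance(p, dict)
            and isinstance(p.get("_source"), dict)
            and "layers" in p["_source"]
            for p in doc
        )
        return "tshark" if ok else "unknown"
    if isinstance(doc, dict) and "constants" in doc and "events" in doc:
        return "chrome-netlog"
    return "unknown"


def first_bad_packet(text):
    """Walk the document the way a per-packet loop would and return the
    (type name, value) of the first element that is not a packet object."""
    doc = json.loads(text)
    for packet in doc:  # iterating a dict yields its string keys
        if not isinstance(packet, dict):
            return type(packet).__name__, packet
    return None


if __name__ == "__main__":
    for name, sample in (("tshark", TSHARK_SAMPLE), ("netlog", NETLOG_SAMPLE)):
        print(name, classify_capture_json(sample), first_bad_packet(sample))
```

On the net-export sample the loop hands back the string key `constants`, and indexing a string with `'_source'` is what raises `TypeError: string indices must be integers`.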

1 Answer

0

You might want to try to use Wireshark version 3.6.5 or better. I was using Wireshark 3.2.3, and it wasn't showing me QUIC packets. Upgrading showed me QUIC packets when I opened www.google.com in Chrome.

Also, you can generate QUIC packets using aioquic, and detect the packets in Wireshark. Make sure that you pick the loopback interface in Wireshark when you start capturing.

Check this answer for more details and steps.

steoiatsl