Identify a QUIC Packet in UDP Payload
I am trying to write a custom code that processes QUIC Initial packets. In a pcap file, I would like to identify quic packet from other UDP packets. I am not sure on which particular bit/ byte in the payload to look for.
The payload directly seems to start with quic headers. How to distinguish this from other UDP payloads like DNS, etc.
Actually, there is no bit or field in the UDP header providing you information about the type of payload. You were probably searching for something like the Protocol field in the IPv4 header.
Wireshark uses so-called dissectors to determine the type of payload. You can find the QUIC dissector here. Wireshark uses multiple techniques to determine if a UDP datagram contains QUIC payload. Some of them are:
- is the port used 80 or 443? If yes, the payload could be QUIC.
- is the beginning of the payload a valid QUIC header? This includes the verification of the QUIC version or the validation of the CID.
If you try to implement a simple dissector on your own, I would probably use the "easy" properties mentioned above.
I hope this does answer your question.
- Simulate Multiple Virtual Timers with one Physical Timer
- Is it possible to disable the network in iOS Simulator?
- Cannot reach port of container running in host mode
- socket connect() vs bind()
- tableview memory management - singleton class
- Send HTTP POST to API server running on localhost from another PC
- TraceRoute and Ping in C#
- How does Soundcloud app skip to next track so fast?
- iOS Integrate Sendy API
- Swift 5: Display Data Retrieved in Closure to Table View
- UDP Message Sending and Receiving with ASIO: Send Succeeds but Receive Fails in Loop
- Nmap – Taking a random sample from a range of IP ranges - Is combining -iR and -iL possible?
- Calculating range of IPs from subnet mask
- Is Serializing Floats Necessary for Cross-Platform Network Code?
- iOS 14 How to trigger Local Network dialog and check user answer?
- Do I need a PORT when joining a multicast group or just the IP?
- Tell whether a text string is an IPv6 address or IPv4 address using standard C sockets API
- Nat Gateway Profile for AKS using terraform
- no instance of function template "uWS::CachingApp<SSL>::ws [with SSL=false]" matches the argument list, uWebSockets
- Fiddler: Where to add IF statement for m_SimulateModem?
- Can someone explain what a wire-level protocol is?
- OS appending IP header even with raw sockets and IPPROTO_RAW
- Board Game in Unity using Photon Fusion
- Connection Refused with TCP socket Error # 10061
- Capturing mobile phone traffic on Wireshark
- How to expose a Docker network to the host machine?
- Deleting an Azure Loadbalancer Frontend IP configuration from python?
- EC2 can't get a public ip address after stop-start
- How to detect top legit search engine bots?
- Network Link Conditioner seems to have no effect on network behavior on Lion, Mountain Lion