Hi
I noticed some strange behaviour from QUIC.
But since I also see oversized Ethernet packets (up to 4,054 bytes) in your trace file, I assume they were captured using Wireshark directly on the client (192.168.69.226).
As more and more functions in the client are being offloaded to the Ethernet processor, this should be avoided.
Therefore, it is recommended that the capture be performed outside of the sending or receiving device, on a TAP or a switch mirror port. Only then can you see what is really on the wire.
Best regards
Rolf Leutert
Leutert NetServices
www.netsniffing.ch
-----Ursprüngliche Nachricht-----
Von: ValdikSS <iam@xxxxxxxxxxxxxxx>
Gesendet: Donnerstag, 25. Juli 2024 22:36
An: leutert@xxxxxxxxxxxxxx
Cc: wireshark-users@xxxxxxxxxxxxx
Betreff: [Wireshark-users] Re: QUIC in Chrome on YouTube not dissected
> I looked through your file but did not see your DCID=f00edb746f767f8a, nor DCID=f10edb746f767f8a and no udp.stream eq 42. Only a total of 32 udp streams are in the file.
Sorry, I've recaptured the file to decrease its size and forgot to change the message.
The original QUIC stream, which is dissected, is udp.stream eq 13 (DCID=e84ccd61ff2aef85), and the presumably migrated is udp.stream eq 32, with what it looks like DCID=e94ccd61ff2aef85
P.S. please reply to my email as well, I'm not subscribed to the list.