Open Adam-Kadi opened 2 years ago
Hey @Adam-Kadi,
Looking at your issue and also this recent one https://github.com/quiclog/pcap2qlog/issues/10, my guess is that newer versions of tshark somehow broke something in their JSON output that pcap2qlog doesn't expect.
Ideally I'd update pcap2qlog to deal with the format changes; however I don't really have time for that right now.
A potential solution for you would be to use an older version of tshark. For the qvis built-in pcap2qlog I've been using this version: https://github.com/wireshark/wireshark/commit/e3d44136f0f0026c5e893fa249f458073f3b7328 (see also dockerfile at https://github.com/quiclog/qvis-server/blob/master/system/docker_setup/wireshark/dockerfile).
That's quite old though (2 years by now). It should in theory still support all QUIC features pcap2qlog does (nothing really changed to QUIC since then and pcap2qlog doesn't do HTTP/3 yet).
Alternatively, you could try to figure out what's going wrong with the new JSON output and fix the parsing here https://github.com/quiclog/pcap2qlog/blob/master/src/parsers/ParserPCAP.ts... that shouldn't be too complex, as I'd expect no real big changes (probably just a renamed/moved field). You can get the JSON output from tshark like this directly: https://github.com/quiclog/pcap2qlog/blob/master/src/flow/pcaptojson.ts#L29
I suspect this is the same problem as with #10 and #9.
Hi,
For my thesis, I would like to use the tool you have developed "pcap2qlog" to analyze QUIC communications with qvis. However, I have a problem when I generate the final.qlog file with a pcap, the command tells me this in output:
The command I ran on the terminal is this:
sudo node out/main.js --tshark=/bin/tshark --input=/home/akadi/Quic/Test2/cipher.pcapng --secrets=/home/akadi/Quic/Test2/ssl-key_242460824150148.log --outputpath=/home/akadi/Quic/Test2/final.qlog
In input, I put the decrypted QUIC session pcap on the Wireshark options with the TLS session key.
If anyone can help me, that would be very nice :)
Adam Kadi