quiclog / pcap2qlog

A tool to convert .pcap and .pcapng files into qlog files
MIT License

fix TLS error in parsing PCAP #12

Open songwei163 opened 1 year ago

songwei163 commented 1 year ago

fix TLS error in parsing PCAP

In version 3.6.5 of tshark, there is a problem when converting pcap to qlog.

    {
      "qlog_version": "draft-01",
      "description": "",
      "traces": [
        {
          "error_description": "Error: ParserPCAP: no tls info known for the first QUIC initial, not supported! Are you sure the trace decrypted? : [object Object],

I noticed that some fields changed when tshark converted the JSON file.

    "quic.frame": [
      {
        "quic.frame_type": "6",
        "quic.crypto.offset": "0",
        "quic.crypto.length": "90",
        "quic.crypto.crypto_data": "",
        "tls": {
          "tls.handshake": {
            "tls.handshake.type": "2",

So I changed the logic to identify an encrypted frame.

rmarx commented 1 year ago

Hey @songwei163,

Thanks for this! I think this probably explains what #9, #10 and #11 have also been seeing and the fix seems simple enough.

I'm a bit hesitant to merge this though, as this removes backwards compatibility with older versions of Wireshark that didn't have this setup.

Would it be possible for you to adjust the code to check for both versions/options of the TLS data location and use the correct one depending on which seems present in the JSON tshark output? That way older setups won't break with this merge.

Thanks again, Robin
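
The dual-layout check requested above, sketched as an added example; it is not code from this pull request or from pcap2qlog. The frame-nested layout is the one quoted in the thread. The older layout is not shown on the page, so a `tls` key beside `quic.frame` is assumed here, and `findTlsHandshakes` and the sample packets are hypothetical.

```typescript
type Json = { [key: string]: unknown };

const isObj = (v: unknown): v is Json =>
  typeof v === "object" && v !== null && !Array.isArray(v);

// Assumption: a repeated tshark field can arrive as one object or as an array.
const asList = (v: unknown): Json[] =>
  Array.isArray(v) ? v.filter(isObj) : isObj(v) ? [v] : [];

interface TlsHit {
  layout: "frame-nested" | "packet-level";
  handshakeType: string;
}

// `quic` is the object that holds the "quic.frame" key in the tshark JSON.
function findTlsHandshakes(quic: Json): TlsHit[] {
  const hits: TlsHit[] = [];
  const collect = (tls: unknown, layout: TlsHit["layout"]): void => {
    for (const t of asList(tls)) {
      for (const hs of asList(t["tls.handshake"])) {
        const type = hs["tls.handshake.type"];
        if (typeof type === "string") hits.push({ layout, handshakeType: type });
      }
    }
  };
  // Layout quoted in the pull request: "tls" sits inside each CRYPTO frame.
  for (const frame of asList(quic["quic.frame"])) collect(frame["tls"], "frame-nested");
  // Fallback for the assumed older layout: "tls" sits beside "quic.frame".
  if (hits.length === 0) collect(quic["tls"], "packet-level");
  // An empty result means no TLS data was found in either location.
  return hits;
}

// Constructed sample packets (not taken from a real capture).
const frameNested: Json = {
  "quic.frame": [{
    "quic.frame_type": "6",
    "quic.crypto.offset": "0",
    "quic.crypto.length": "90",
    "quic.crypto.crypto_data": "",
    tls: { "tls.handshake": { "tls.handshake.type": "2" } },
  }],
};
const packetLevel: Json = {
  "quic.frame": { "quic.frame_type": "6" },
  tls: { "tls.handshake": { "tls.handshake.type": "1" } },
};
const noTls: Json = { "quic.frame": { "quic.frame_type": "6" } };
```

An empty result is the case where the converter would report that no TLS info is known; returning which layout matched makes it easy to log the tshark output style being handled.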