Can you confirm the full technical method you were using to see DoH traffic? i.e. Destination IP/port/protocol
Suggested capture methods:
tcpdump -p --dont-verify-checksums -i any -NNnntt -B32768 -c2000 -s0 proto 6 and 'tcp[13] == 2' and not host ${Your_Router_IP} &
tcpdump -p --dont-verify-checksums -i any -NNnntt -B32768 -c4000 -s0 proto 17 and not host ${Your_Router_IP} and 'length <256' &
Don't paste the output, just suggestions for capturing HTTPS SYN and QUIC over UDP.
Suggested capture methods:
Don't paste the output, just suggestions for capturing HTTPS SYN and QUIC over UDP.