Differences

This shows you the differences between two versions of the page.

--- lua:quic [2018/12/13 23:35] – [Explaining the scripts] veera
+++ lua:quic [2018/12/13 23:38] – [Network Security Monitoring for QUIC] veera
@@ Line 8: / Line 8: @@
+The QUIC analysis LUA scripts can be found here in the [[https://github.com/trisulnsm/bitmaul/tree/master/examples/quic|BITMAUL/examples/quic]] repo
 ===== Network Security Monitoring for QUIC =====
 In the NSM((Network Security Monitoring involves collecting multiple types of data characterizing network traffic http://www.informit.com/articles/article.aspx?p=350391 )) worldview, we would like to collect as much as possible about the QUIC sessions. This would be in addition to //Flow records// and //PCAP// we collect for all flows.
-We were seeing quite a bit of QUIC traffic to YouTube in one of our probes, so we went ahead and got the PCAPs and started analyzing them using Wireshark and the Google QUIC Crypto document to see what can be extracted. We found the following indicators
+We were seeing quite a bit of QUIC traffic to YouTube in one of our probes, so we went ahead and got the PCAPs and started analyzing them using Wireshark and the Google QUIC Crypto ((the CRYPTO protocol is documented here at https://github.com/romain-jacotin/quic/blob/master/doc/QUIC_crypto_protocol.md))  document to see what can be extracted. We found the following indicators
   * **Connection ID** -  a 64-bit random number that would likely be globally unique identifying the QUIC connection.
@@ Line 43: / Line 44: @@
-This is how the outputs look like. Using the TRP API you can access these programatically too.
+This is how the outputs look like.
 ===== Flow Tags =====