lua:quic
Differences
This shows you the differences between two versions of the page.
lua:quic [2018/12/13 23:35] – [Explaining the scripts] veera | lua:quic [2018/12/13 23:38] – [Network Security Monitoring for QUIC] veera | ||
---|---|---|---|
Line 8: | Line 8: | ||
+ | The QUIC analysis LUA scripts can be found here in the [[https:// | ||
===== Network Security Monitoring for QUIC ===== | ===== Network Security Monitoring for QUIC ===== | ||
In the NSM((Network Security Monitoring involves collecting multiple types of data characterizing network traffic http:// | In the NSM((Network Security Monitoring involves collecting multiple types of data characterizing network traffic http:// | ||
- | We were seeing quite a bit of QUIC traffic to YouTube in one of our probes, so we went ahead and got the PCAPs and started analyzing them using Wireshark and the Google QUIC Crypto document to see what can be extracted. We found the following indicators | + | We were seeing quite a bit of QUIC traffic to YouTube in one of our probes, so we went ahead and got the PCAPs and started analyzing them using Wireshark and the Google QUIC Crypto |
* **Connection ID** - a 64-bit random number that would likely be globally unique identifying the QUIC connection. | * **Connection ID** - a 64-bit random number that would likely be globally unique identifying the QUIC connection. | ||
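Review bot: The added first line of this hunk spells the language name as "LUA" and says "can be found here in the", which is redundant next to a link; suggest "The QUIC analysis Lua scripts can be found in the [[...]]". The line also sits above the "Network Security Monitoring for QUIC" heading, so it belongs to whatever section precedes it; if it is meant to introduce this section, move it below the heading.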
Line 43: | Line 44: | ||
- | This is how the outputs look like. Using the TRP API you can access these programatically too. | + | This is how the outputs look like. |
===== Flow Tags ===== | ===== Flow Tags ===== | ||
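Review bot: The replacement line keeps "This is how the outputs look like", which should read "This is what the outputs look like". As far as the visible line shows, the revision also drops the sentence about reaching these outputs through the TRP API; if programmatic access still applies, keep that pointer and correct the spelling to "programmatically".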
lua/quic.txt · Last modified: 2024/06/04 16:58 by thiyagu