QUIC (Quick UDP Internet Connection) is a protocol championed by Google to speed up web services by replacing the traditional TCP/HTTP network layer with a new UDP based protocol. QUIC is almost exclusively used by Google services right now like YouTube, but there is an IETF Internet Draft on it now ¹⁾ . The movement is to merge HTTP semantics on the UDP based QUIC and call the new thing HTTP/3.

Right now the only QUIC services found in the wild are from the Google stable and accessed by Google-Chrome. To differentiate this from the “IETF QUIC” I suppose we can call the protocol G-QUIC like Wireshark does.

This article explains how you can use Network Security Monitoring techniques to pull out key indicators from QUIC into Trisul Network Analytics using the Lua Scripting API.

BITMAUL

Extract the following information

Flow Tags

Extract X.509 Certificate in QUIC