Trisul Network Analytics
Developer Zone

**This is an old revision of the document!** ----

====== QUIC protocol analysis using the Trisul Scripting API ====== QUIC (Quick UDP Internet Connection) is a protocol championed by Google to speed up web services by replacing the traditional TCP/HTTP network layer with a new UDP based protocol. QUIC is almost exclusively used by Google services right now like YouTube, but there is an IETF Internet Draft on it now ((HTTP/3 Internet Draft https://quicwg.org/base-drafts/draft-ietf-quic-http.html)) . The movement is to merge HTTP semantics on the UDP based QUIC and call the new thing HTTP/3. Right now the only QUIC services found in the wild are from the Google stable and accessed by Google-Chrome. To differentiate this from the "IETF QUIC" I suppose we can call the protocol G-QUIC like Wireshark does. This article explains how you can use Network Security Monitoring techniques to pull out key indicators from QUIC into Trisul Network Analytics using the [[https://www.trisul.org/docs/lua/index.html|Lua Scripting API]]. BITMAUL Extract the following information Flow Tags {{ :lua:quic2.png?600 |}} Extract X.509 Certificate in QUIC {{ :lua:quic1.png?600 |}}