[Zeek] QUIC HTTP 3 support?

Mike Dopheide dopheide at gmail.com
Tue Jan 8 20:22:31 PST 2019


There are two packages you might want to check out.  The first one I wrote
as a sample which does a very basic job of trying to identify a connection
as being Google QUIC or IETF draft.  (In practice, I saw zero traffic
actually adhering to the IETF draft, all QUIC traffic was Google's
version.)  The second is a Corelight re-write that does a much more
in-depth analysis of Google QUIC.

https://github.com/dopheide-esnet/bro-quic
https://github.com/corelight/bro-quic

-Dop

On Tue, Jan 8, 2019 at 10:11 PM anthony kasza <anthony.kasza at gmail.com>
wrote:

> I am confident that once the HTTP/3 specification is completed Zeek will
> support it.
>
> -AK
>
> On Tue, Jan 8, 2019, 17:48 Neslog <neslog at gmail.com wrote:
>
>> Hello Zeekers,
>>
>> Does Zeek support Quic HTTP 3?
>>
>>
>> https://tools.ietf.org/html/draft-ietf-quic-http-17
>>
>>
>> _______________________________________________
>> Zeek mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
> _______________________________________________
> Zeek mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190108/22971fdb/attachment.html 


More information about the Zeek mailing list