QUIC module
The QUIC Analysis Module provides insights into QUIC (Quick UDP Internet Connections) traffic, a modern transport protocol developed by Google and designed to improve upon traditional TCP connections. This module offers detailed information on various aspects of QUIC traffic, enabling users to understand and analyze communication patterns and data exchanges. QUIC is currently utilized in various applications such as web browsing, video streaming, and online gaming, offering enhanced performance and security benefits over traditional protocols. The QUIC protocol is described in detail in RFC 9000 (V1) and RFC 9369 (V2).
This module supports QUIC initial decoding for the draft protocol versions 29, 31, and 32, as well as version 1 and 2 to read TLS information if the option "Decode server name from handshakes" is enabled in the "Module Settings" tab. This functionality allows users to delve deeper into the cryptographic properties and security features of QUIC connections, providing a comprehensive analysis experience.
QUIC TLS Server
The first tab "QUIC TLS Server" presents a comprehensive overview of all QUIC server IP addresses that have been requested by a client along with their corresponding server names. This data is extracted from the server_name extension of the TLS client hello, which is present in the QUIC initial packets.