Detect and examine Google QUIC packets.

Functions

bool examine (Flow &flow, const Myra::PktInfo &info)
Examine a packet for QUIC, and mark the flow if found.

bool Myra::Traffic::QUIC::examine (Myra::Flow &flow, const Myra::PktInfo &info)

Examine a packet for QUIC, and mark the flow if found.

Returns
true if this exam needs to be called again for the given flow
false if this exam never needs to be called again

While QUIC is encrypted, the very first packet of the flow contains some unique keywords. Do a search for "QUIC Wire Layout Specifications" for the packet format details.

-> flow #10973791317304365873: Unknown+IP+IPv4+UDP: 10.0.1.3:53801->74.125.28.95:443 (number of packets: 1)
-> flow #10973791317304365873: payload: number of bytes: 1350
 0: 0d 47 00 72 8b ad e7 84 8c 51 30 32 33 01 17 4d ef 79 d3 24 53 f8 64 76 2f c9 01 a0 01 00 04 43 - .G.r.....Q023..M.y.$S.dv/......C
20: 48 4c 4f 16 00 00 00 50 41 44 00 3f 02 00 00 53 4e 49 00 51 02 00 00 53 54 4b 00 8d 02 00 00 56 - HLO....PAD.?...SNI.Q...STK.....V
40: 45 52 00 91 02 00 00 43 43 53 00 a1 02 00 00 4e 4f 4e 43 c1 02 00 00 4d 53 50 43 c5 02 00 00 41 - ER.....CCS.....NONC....MSPC....A
60: 45 41 44 c9 02 00 00 55 41 49 44 dc 02 00 00 53 43 49 44 ec 02 00 00 50 44 4d 44 f0 02 00 00 53 - EAD....UAID....SCID....PDMD....S
80: 57 4e 44 f4 02 00 00 49 43 53 4c f8 02 00 00 4b 41 54 4f fc 02 00 00 50 55 42 53 1c 03 00 00 4b - WND....ICSL....KATO....PUBS....K
a0: 45 58 53 20 03 00 00 43 4f 50 54 20 03 00 00 43 43 52 54 38 03 00 00 43 47 53 54 3c 03 00 00 43 - EXS ...COPT ...CCRT8...CGST<...C
c0: 46 43 57 40 03 00 00 49 46 43 57 44 03 00 00 53 46 43 57 48 03 00 00 2d 2d 2d 2d 2d 2d 2d 2d 2d - FCW....IFCWD...SFCWH...---------
e0: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d - --------------------------------
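
As an added illustration (not Myra's own code, and not necessarily how `examine` is implemented), the heuristic below checks a UDP payload for the cleartext markers visible in the dump above: the version bit in the first byte, a `Q` plus three digits version tag after the connection ID, and the `CHLO` tag. The function name, the connection-ID length table and the 128-byte scan window are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical helper, not part of Myra: true if a UDP payload looks like the
// first client packet of a Google QUIC flow (version header plus "CHLO" tag).
bool looks_like_gquic_chlo(const uint8_t *p, size_t len)
{
    if (p == nullptr || len < 1) return false;

    const uint8_t flags = p[0];
    if ((flags & 0x01) == 0) return false;  // version bit must be set
    if ((flags & 0x02) != 0) return false;  // public reset, not a handshake

    // Connection ID length from flag bits 0x0c. Assumption: the older gQUIC
    // layout (0, 1, 4 or 8 bytes); the dump's 0x0d gives 8 bytes.
    static const size_t cid_len[4] = {0, 1, 4, 8};
    const size_t ver_off = 1 + cid_len[(flags >> 2) & 0x03];

    // Version tag: 'Q' followed by three ASCII digits, e.g. "Q023".
    if (len < ver_off + 4) return false;
    const uint8_t *v = p + ver_off;
    if (v[0] != 'Q') return false;
    for (int i = 1; i < 4; ++i)
        if (v[i] < '0' || v[i] > '9') return false;

    // Bounded scan for the client hello tag; it sits at offset 0x1f in the
    // dump. The 128-byte window is an assumed limit to keep the check cheap.
    const size_t limit = len < 128 ? len : 128;
    for (size_t i = ver_off + 4; i + 4 <= limit; ++i)
        if (std::memcmp(p + i, "CHLO", 4) == 0) return true;
    return false;
}

// First 35 payload bytes copied from the dump above (through "CHLO").
static const uint8_t kSample[] = {
    0x0d, 0x47, 0x00, 0x72, 0x8b, 0xad, 0xe7, 0x84, 0x8c, 0x51, 0x30, 0x32,
    0x33, 0x01, 0x17, 0x4d, 0xef, 0x79, 0xd3, 0x24, 0x53, 0xf8, 0x64, 0x76,
    0x2f, 0xc9, 0x01, 0xa0, 0x01, 0x00, 0x04, 0x43, 0x48, 0x4c, 0x4f};
```

Because the match depends only on the first client packet, a caller can stop examining a flow once this check has returned a verdict for that packet.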