From aeb5f1f947a25c17c062f33e7f224f021fafe539 Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Fri, 25 Mar 2022 10:16:30 +0100 Subject: QUIC: add support for version 2 draft 01 (#1493) Support for v2-00 has been removed (it has never been used in real networks and it is incompatible with v2-01). Chrome already supports v2-01 in latest versions in Chrome Beta channel. --- tests/pcap/quic-v2-00.pcapng | Bin 50416 -> 0 bytes tests/pcap/quic-v2-01.pcapng | Bin 0 -> 1346244 bytes tests/result/quic-v2-00.pcapng.out | 13 ------------- tests/result/quic-v2-01.pcapng.out | 13 +++++++++++++ 4 files changed, 13 insertions(+), 13 deletions(-) delete mode 100644 tests/pcap/quic-v2-00.pcapng create mode 100644 tests/pcap/quic-v2-01.pcapng delete mode 100644 tests/result/quic-v2-00.pcapng.out create mode 100644 tests/result/quic-v2-01.pcapng.out (limited to 'tests') diff --git a/tests/pcap/quic-v2-00.pcapng b/tests/pcap/quic-v2-00.pcapng deleted file mode 100644 index 146d3c935..000000000 Binary files a/tests/pcap/quic-v2-00.pcapng and /dev/null differ diff --git a/tests/pcap/quic-v2-01.pcapng b/tests/pcap/quic-v2-01.pcapng new file mode 100644 index 000000000..b3394b56b Binary files /dev/null and b/tests/pcap/quic-v2-01.pcapng differ diff --git a/tests/result/quic-v2-00.pcapng.out b/tests/result/quic-v2-00.pcapng.out deleted file mode 100644 index bafc46d67..000000000 --- a/tests/result/quic-v2-00.pcapng.out +++ /dev/null @@ -1,13 +0,0 @@ -Guessed flow protos: 0 - -DPI Packets (UDP): 1 (1.00 pkts/flow) -Confidence DPI : 1 (flows) - -QUIC 30 27593 1 - -JA3 Host Stats: - IP Address # JA3C - 1 192.168.56.1 1 - - - 1 UDP 192.168.56.1:50277 <-> 192.168.56.198:4443 [proto: 188/QUIC][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/5450 bytes <-> 19 pkts/22143 bytes][Goodput ratio: 92/96][0.01 sec][ALPN: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 3/2 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 97/97 495/1165 1482/1482 539/528][Risk: ** Known Protocol on Non Standard Port **** Missing SNI TLS Extension **][Risk Score: 100][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][PLAIN TEXT (anezfN)][Plen Bins: 0,23,3,0,0,6,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,47,0,0] diff --git a/tests/result/quic-v2-01.pcapng.out b/tests/result/quic-v2-01.pcapng.out new file mode 100644 index 000000000..dc31ec5a9 --- /dev/null +++ b/tests/result/quic-v2-01.pcapng.out @@ -0,0 +1,13 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 1 (1.00 pkts/flow) +Confidence DPI : 1 (flows) + +QUIC 923 1311986 1 + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.56.1 1 + + + 1 UDP 192.168.56.1:34229 <-> 192.168.56.198:4443 [proto: 188/QUIC][Encrypted][Confidence: DPI][cat: Web/5][34 pkts/6729 bytes <-> 889 pkts/1305257 bytes][Goodput ratio: 79/97][0.02 sec][ALPN: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.990 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 2/0 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/73 198/1468 1482/1482 306/131][Risk: ** Known Protocol on Non Standard Port **** Missing SNI TLS Extension **][Risk Score: 100][TLSv1.3][JA3C: c0ce40fbb78cbf86a14e6a38b26d6ede][PLAIN TEXT (V/vUIx)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] -- cgit v1.2.3