Hello Zeekers,
Does Zeek support QUIC HTTP 3?
I am confident that once the HTTP/3 specification is completed, Zeek will support it.
-AK
There are two packages you might want to check out. The first one I wrote as a sample which does a very basic job of trying to identify a connection as being Google QUIC or IETF draft. (In practice, I saw zero traffic actually adhering to the IETF draft, all QUIC traffic was Google’s version.) The second is a Corelight re-write that does a much more in-depth analysis of Google QUIC.
https://github.com/dopheide-esnet/bro-quic
https://github.com/corelight/bro-quic
-Dop