🤖 AI Summary
This work investigates the real-world deployment evolution and configuration heterogeneity of the QUIC protocol among hyperscale providers (e.g., Meta, Google, Cloudflare) since its 2021 standardization.
Method: Leveraging one month of passive backscatter traffic from the CAIDA Internet telescope, we propose a fully passive identification framework. It exploits protocol-agnostic features—including SCID first-appearance patterns, packet aggregation behavior, and length distributions—to construct cross-domain QUIC deployment fingerprints. We further integrate QUIC packet reverse parsing, SCID semantic analysis, per-packet statistical modeling, and active measurement validation.
Contribution/Results: For the first time without active probing, we infer vendor-specific RTO policies, retransmission mechanism differences, and load-balancer topology; we also quantitatively estimate server scale and hierarchical deployment. This work establishes a novel paradigm for passive monitoring and infrastructure inference of large-scale encrypted protocols.
📝 Abstract
In this paper, we study the potential of passive measurements to gain advanced knowledge about QUIC deployments. By analyzing one month of backscatter traffic from the /9 CAIDA network telescope, we are able to make the following observations. First, we can identify different off-net deployments of hypergiants, using packet features such as QUIC source connection IDs (SCID), packet coalescence, and packet lengths. Second, Facebook and Google configure significantly different retransmission timeouts and maximum numbers of retransmissions. Third, SCIDs allow further insights into load balancer deployments, such as the number of servers per load balancer. We bolster our results by active measurements.
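The three features the abstract names (SCID, packet coalescence, packet lengths) can all be read from the unencrypted part of the QUIC header. The sketch below is an added example, not code from the paper: it assumes the QUIC v1 (RFC 9000) header layout, and the function names and the sample datagram are constructed for illustration.

```python
# Added example; assumes the QUIC v1 (RFC 9000) header layout. Names are illustrative.
LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}

def read_varint(buf, off):
    """Decode an RFC 9000 variable-length integer; return (value, next_offset)."""
    if off >= len(buf) or off + (1 << (buf[off] >> 6)) > len(buf):
        raise ValueError("truncated varint")
    size = 1 << (buf[off] >> 6)   # top two bits select a 1, 2, 4 or 8 byte encoding
    return int.from_bytes(buf[off:off + size], "big") & ((1 << (8 * size - 2)) - 1), off + size

def read_cid(buf, off):
    if off >= len(buf) or off + 1 + buf[off] > len(buf):
        raise ValueError("truncated connection ID")
    return buf[off + 1:off + 1 + buf[off]], off + 1 + buf[off]

def parse_datagram(payload):
    """Split one UDP payload into its coalesced QUIC packets."""
    packets, off = [], 0
    while off < len(payload):
        start, first = off, payload[off]
        if not first & 0x80:      # short header has no Length field: rest of datagram
            packets.append({"type": "Short", "scid": None, "length": len(payload) - off})
            break
        version = int.from_bytes(payload[off + 1:off + 5], "big")
        _dcid, off = read_cid(payload, off + 5)
        scid, off = read_cid(payload, off)
        ptype = "VersionNegotiation" if version == 0 else LONG_TYPES[(first >> 4) & 3]
        if ptype in ("VersionNegotiation", "Retry"):
            end = len(payload)    # neither carries a Length field
        else:
            if ptype == "Initial":            # Initial adds a token before Length
                tok_len, off = read_varint(payload, off)
                off += tok_len
            length, off = read_varint(payload, off)
            end = off + length
            if end > len(payload):
                raise ValueError("Length field exceeds datagram")
        packets.append({"type": ptype, "scid": scid.hex(), "length": end - start})
        off = end
    return packets

def features(payload):  # the three per-datagram features named in the abstract
    pkts = parse_datagram(payload)
    return {"scids": {p["scid"] for p in pkts if p["scid"]},
            "coalesced": len(pkts) > 1, "lengths": [p["length"] for p in pkts]}

# Constructed sample: an Initial coalesced with a Handshake packet (dummy payload bytes).
_HDR = bytes.fromhex("00000001" "04aabbccdd" "080102030405060708")
SAMPLE = b"\xc0" + _HDR + b"\x00\x05" + bytes(5) + b"\xe0" + _HDR + b"\x03" + bytes(3)
```

Calling `features(SAMPLE)` yields the SCID set, the coalescence flag and the per-packet lengths for the constructed datagram; no decryption is involved, which is what makes these fields usable on telescope backscatter.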