Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10908] New: wireshark is not dissecting http2 correctly

Wireshark-bugs: [Wireshark-bugs] [Bug 10908] New: wireshark is not dissecting http2 correctly

Date: Sun, 01 Feb 2015 11:39:49 +0000

Bug ID	10908
Summary	wireshark is not dissecting http2 correctly
Product	Wireshark
Version	1.99.x (Experimental)
Hardware	x86
OS	Ubuntu
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	rforbes@mozilla.com

Created attachment 13418 [details]
capture file from http session

Build Information:
Version 1.99.1 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.10.8, with Cairo 1.13.1, with Pango 1.36.3, with
libpcap, with POSIX capabilities (Linux), without libnl, with libz 1.2.8, with
GLib 2.40.2, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, with GnuTLS
2.12.23, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Feb 25 2014 21:09:53), with AirPcap.

Running on Linux 3.13.0-44-generic, with locale en_US.UTF-8, with libpcap
version 1.5.3, with libz 1.2.8, with GnuTLS 2.12.23, with Gcrypt 1.5.3, without
AirPcap.
      Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz (with SSE4.2)

Built using gcc 4.8.2.

--
I am using wireshark 1.99 and am seeing strange results with http2 traffic.  I
am using the NSS Key Log from firefox in order to decrypt the SSL.  This is
specified here.

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

I am seeing some HTTP/2 traffic dissected correctly, mostly the set up frames. 
However, after that I am just seeing more TLS traffic.  When I go into those
packets there is a tab at the bottom that says "Decrypt SSL Data" and I am able
to see the data field of the SSL packet but for some reason it is not actually
constructing them as HTTP/2 packets so I can't see the actual HTTP/2 fields.

I am including my capture as well as my key log file.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10908] wireshark is not dissecting http2 correctly
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10908] wireshark is not dissecting http2 correctly
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10908] wireshark is not dissecting http2 correctly
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10908] wireshark is not dissecting http2 correctly
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9515] TLSV1 "Ignored Unknown Record"
Next by Date: [Wireshark-bugs] [Bug 10908] wireshark is not dissecting http2 correctly
Previous by thread: [Wireshark-bugs] [Bug 9515] TLSV1 "Ignored Unknown Record"
Next by thread: [Wireshark-bugs] [Bug 10908] wireshark is not dissecting http2 correctly
Index(es):
- Date
- Thread