Wireshark-bugs: [Wireshark-bugs] [Bug 10908] New: wireshark is not dissecting http2 correctly
Bug ID |
10908
|
Summary |
wireshark is not dissecting http2 correctly
|
Product |
Wireshark
|
Version |
1.99.x (Experimental)
|
Hardware |
x86
|
OS |
Ubuntu
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
rforbes@mozilla.com
|
Created attachment 13418 [details]
capture file from http session
Build Information:
Version 1.99.1 (Git Rev Unknown from unknown)
Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 3.10.8, with Cairo 1.13.1, with Pango 1.36.3, with
libpcap, with POSIX capabilities (Linux), without libnl, with libz 1.2.8, with
GLib 2.40.2, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, with GnuTLS
2.12.23, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Feb 25 2014 21:09:53), with AirPcap.
Running on Linux 3.13.0-44-generic, with locale en_US.UTF-8, with libpcap
version 1.5.3, with libz 1.2.8, with GnuTLS 2.12.23, with Gcrypt 1.5.3, without
AirPcap.
Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz (with SSE4.2)
Built using gcc 4.8.2.
--
I am using wireshark 1.99 and am seeing strange results with http2 traffic. I
am using the NSS Key Log from firefox in order to decrypt the SSL. This is
specified here.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
I am seeing some HTTP/2 traffic dissected correctly, mostly the set up frames.
However, after that I am just seeing more TLS traffic. When I go into those
packets there is a tab at the bottom that says "Decrypt SSL Data" and I am able
to see the data field of the SSL packet but for some reason it is not actually
constructing them as HTTP/2 packets so I can't see the actual HTTP/2 fields.
I am including my capture as well as my key log file.
You are receiving this mail because:
- You are watching all bug changes.