Wireshark-bugs: [Wireshark-bugs] [Bug 10908] New: wireshark is not dissecting http2 correctly
Date: Sun, 01 Feb 2015 11:39:49 +0000
Bug ID 10908
Summary wireshark is not dissecting http2 correctly
Product Wireshark
Version 1.99.x (Experimental)
Hardware x86
OS Ubuntu
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter rforbes@mozilla.com

Created attachment 13418 [details]
capture file from http session

Build Information:
Version 1.99.1 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.10.8, with Cairo 1.13.1, with Pango 1.36.3, with
libpcap, with POSIX capabilities (Linux), without libnl, with libz 1.2.8, with
GLib 2.40.2, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, with GnuTLS
2.12.23, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Feb 25 2014 21:09:53), with AirPcap.

Running on Linux 3.13.0-44-generic, with locale en_US.UTF-8, with libpcap
version 1.5.3, with libz 1.2.8, with GnuTLS 2.12.23, with Gcrypt 1.5.3, without
AirPcap.
      Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz (with SSE4.2)

Built using gcc 4.8.2.

--
I am using Wireshark 1.99 and am seeing strange results with HTTP/2 traffic. I
am using the NSS Key Log from Firefox in order to decrypt the SSL. This is
specified here.

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

I am seeing some HTTP/2 traffic dissected correctly, mostly the setup frames.
However, after that I am just seeing more TLS traffic. When I go into those
packets, there is a tab at the bottom that says "Decrypt SSL Data" and I am able
to see the data field of the SSL packet, but for some reason it is not actually
constructing them as HTTP/2 packets, so I can't see the actual HTTP/2 fields.

I am including my capture as well as my key log file.

