I am unable to decode HTTP2 traffic generated by the nghttp client and nghttpd server from the nghttp2 library (https://github.com/tatsuhiro-t/nghttp2). I used plain-text mode ("http" URI scheme, without Upgrade option), sent a request to the server and downloaded a small txt file. Logs from the server and the client show that everything was OK: the connection was established and the file was downloaded. However, Wireshark recognized only the "magic" frame (i.e. preface) as "HTTP2", any other HTTP2 frames were displayed.

Useful info
Linux Ubuntu 14.04 (Virtualbox VM running on Windows 8.1)
nghttp2 v0.7.9 (client and server applications, server running with --no-tls option, port 80)
Wireshark 1.9.3

asked 15 Apr '15, 06:52 kazimierz_oc...
2 Answers:
The heuristic dissector for HTTP2 is disabled by default. If you enable it, the protocol will be detected, at least in your sample capture file.
Hint from the code:
answered 16 Apr '15, 17:13 Kurt Knochner ♦

Using that version on Windows I had to use "Decode As ..." to decode all traffic to tcp port 80 as HTTP2 to get it all to dissect correctly.
answered 15 Apr '15, 06:58 grahamb ♦
With version 1.9.3 I had the same problem with your tracefile. After I installed version 1.9.5, the trace looked fine.
Did Kurt's solution solve your problem? I met the exact same issue in version 2.2, but there's no Enable HTTP2 heuristic option there!!!
@laike9m HTTP/2 got multiple heuristics, the Magic packet (enabled by default) and the very weak frame type check (removed since v1.99.9rc0-56-g78ca0af).
@Lekensteyn So what do you think of my question? I've provided all the information I have. Is it a bug or am I doing something wrong?
@laike9m The heuristics option is gone, that is not a bug. The bug is that http2 detection somehow failed due to an issue in handling the ALPN extension. A fix has been developed for the next versions of Wireshark.
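
Added example, not part of the thread and not Wireshark's code: a Python sketch contrasting the two kinds of heuristic mentioned in the comments, the fixed connection preface ("magic") and a frame-type-only check, and walking the 9-byte HTTP/2 frame headers. The exact form of the weak check is an assumption (the thread does not show it), and all byte strings are constructed samples.

```python
import struct

# HTTP/2 client connection preface (RFC 7540, section 3.5)
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
FRAME_TYPES = ["DATA", "HEADERS", "PRIORITY", "RST_STREAM", "SETTINGS",
               "PUSH_PROMISE", "PING", "GOAWAY", "WINDOW_UPDATE", "CONTINUATION"]

def magic_heuristic(payload: bytes) -> bool:
    """Strong check: the segment starts with the fixed 24-byte preface."""
    return payload.startswith(PREFACE)

def weak_type_heuristic(payload: bytes) -> bool:
    """Weak check (assumed form): at least 9 bytes and a known type in byte 3."""
    return len(payload) >= 9 and payload[3] < len(FRAME_TYPES)

def parse_frames(payload: bytes):
    """Walk frame headers: 24-bit length, type, flags, 31-bit stream id."""
    if payload.startswith(PREFACE):
        payload = payload[len(PREFACE):]
    frames, off = [], 0
    while off + 9 <= len(payload):
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", payload, off)
        length = (hi << 16) | lo
        if off + 9 + length > len(payload):
            break  # frame body continues in a later TCP segment
        name = FRAME_TYPES[ftype] if ftype < len(FRAME_TYPES) else f"UNKNOWN({ftype})"
        frames.append((name, length, flags, sid & 0x7FFFFFFF))  # drop reserved bit
        off += 9 + length
    return frames

def frame(ftype: int, flags: int, sid: int, body: bytes = b"") -> bytes:
    """Build one frame for the constructed samples below."""
    n = len(body)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, sid) + body

# Constructed samples, not taken from the capture discussed in the thread.
FIRST_SEGMENT = PREFACE + frame(4, 0, 0, b"\x00\x03\x00\x00\x00\x64")  # preface + SETTINGS
LATER_SEGMENT = frame(1, 0x05, 1, b"\x82\x86\x84")                     # HEADERS, stream 1
NOT_HTTP2 = struct.pack(">I", 5) + b"hello"  # length-prefixed message of another protocol

if __name__ == "__main__":
    for label, seg in [("first", FIRST_SEGMENT), ("later", LATER_SEGMENT),
                       ("other", NOT_HTTP2)]:
        print(label, magic_heuristic(seg), weak_type_heuristic(seg), parse_frames(seg))
```

Only the first segment carries the preface, so later segments match nothing but the type-byte check, which also accepts the unrelated length-prefixed message.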