Wireshark-users: Re: [Wireshark-users] HTTP2 stream id detection

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Tue, 5 Mar 2019 09:34:06 -0500

Hi Raj,

For better or worse, a lot of folks have moved over to the Q&A site: ask.wireshark.org; there's not much traffic on the -users list anymore.

What are you trying to achieve?

The reason there are only 12 frames marked as HTTP2 is because the other frames are marked as [TCP segment of a reassembled PDU] - meaning that Wireshark realizes that the frame is part of a larger (multi-frame) message and so it's only going to dissect the reassembled frame as HTTP2.  This means you should be able to get all the data on that (large) later frame.

With other dissectors (including HTTP) you can get away with disabling reassembly (by disabling the TCP preference that allows subdissectors to reassemble) but with HTTP2 (at least with this trace) the HTTP2 dissector doesn't seem very happy with the result (there are lots of malformed packets).  I'd actually expect the HTTP2 dissector to just say, for example, "Continuation" (or similar) in this case.

I don't know enough about HTTP2 to know if there's any reason this isn't done with this dissector too; you could consider opening a bug report (https://bugs.wireshark.org) about it.

Regards,
-Jeff

On Mon, Mar 4, 2019 at 5:33 PM Rajvardhan Deshmukh <rdeshmukh@xxxxxxxxx> wrote:
Hi all,

This email might have slipped through.

I was wondering if anyone could help me with the following problem.

I am trying to get the HTTP/2 stream id (so use h2c (clear-text)) from
the trace for the experiment that I have run.
The experiment is communication between mptcp capable nodes.

I use the libcurl based client which allows me to download 2 files
(video of 2 seconds) in parallel
( video segment #1
http://10.10.3.2:9001/www-itec.uni-klu.ac.at/ftp/datasets/DASHDataset2014/BigBuckBunny/2sec/bunny_4219897bps/BigBuckBunny_2s13.m4s
video segment #2
http://10.10.3.2:9001/www-itec.uni-klu.ac.at/ftp/datasets/DASHDataset2014/BigBuckBunny/2sec/bunny_3526922bps/BigBuckBunny_2s13.m4s
)

Here is the tcpdump trace:
https://umass.box.com/s/2n7st4012vwp8yirddd23pnexho3trxf


Wireshark trace analysis step:
1. Edit > Preferences > Protocols > HTTP2 > HTTP2 TCP port 9001

I see multiple tcp and mptcp packets, but only 12 HTTP/2 packets
(verified that the video segments use 2 different streams)
on one interface and none on the other interface.

I need the HTTP/2 stream number which is only visible in HTTP/2
packets to differentiate if the packet belongs to
video segment #1 or video segment #2. With what I have right now,
I can't differentiate if the segment belongs to
video segment #1 or video segment #2.

Let me know if you can direct me to someone who can help.
I have gotten in touch with libcurl folks and they suggested that I ask
the wireshark-forum.
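
Added example (not part of the original thread and not Wireshark's code): the stream id lives only in the 9-byte HTTP/2 frame header, so a TCP segment that carries the middle of a frame has no id of its own and must inherit it from the frame it continues. The sketch below walks in-order TCP payloads and attributes each segment's bytes to a stream; the function names and the sample bytes are constructed for illustration, and it assumes one direction of one connection, no loss or reordering, and the connection preface already removed.

```python
import struct

HEADER_LEN = 9  # RFC 7540 4.1: length(24) type(8) flags(8) R(1) + stream id(31)

def frame(ftype, flags, stream_id, payload):
    """Build one HTTP/2 frame; used only to construct the sample input."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload)

def attribute_segments(segments):
    """Return, for each TCP payload, {stream_id: frame payload bytes it carries}."""
    # Assumption: payloads are in order, one direction, preface already stripped.
    header = b""      # partial frame header carried over from earlier segments
    remaining = 0     # payload bytes still owed to the current frame
    stream_id = None
    result = []
    for seg in segments:
        per_stream, pos = {}, 0
        while pos < len(seg):
            if remaining == 0:
                # Collect the 9-byte header; it may straddle two segments.
                take = min(HEADER_LEN - len(header), len(seg) - pos)
                header += seg[pos:pos + take]
                pos += take
                if len(header) < HEADER_LEN:
                    break
                remaining = int.from_bytes(header[:3], "big")
                stream_id = int.from_bytes(header[5:9], "big") & 0x7FFFFFFF
                header = b""
                continue
            take = min(remaining, len(seg) - pos)
            per_stream[stream_id] = per_stream.get(stream_id, 0) + take
            remaining -= take
            pos += take
        result.append(per_stream)
    return result

# Constructed sample: DATA frames (type 0x0) interleaved on streams 1 and 3,
# then cut at arbitrary offsets the way TCP segmentation would cut them.
wire = (frame(0x0, 0, 1, b"A" * 20) + frame(0x0, 0, 3, b"B" * 30)
        + frame(0x0, 1, 1, b"C" * 10))
SEGMENTS = [wire[:15], wire[15:33], wire[33:]]

if __name__ == "__main__":
    for n, streams in enumerate(attribute_segments(SEGMENTS), 1):
        print(f"segment {n}: {streams}")
```

The second sample segment contains no complete frame header, which is the case Wireshark labels [TCP segment of a reassembled PDU], yet its payload bytes still resolve to stream 1.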