You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So, I took a look at the pcap and they're using an http upgrade -- have you seen something similar in the wild? I was under the impression that none of the mainstream browsers (chrome, firefox, safari) would negotiate http2 in the clear.
Also, this is a partial connection that only contains the data payload and not the tcp connection -- bro/zeek doesn't even seem to detect this as http 1.x afaict, so I think this would fall under the PIA architecture (embedded protocols within protocols) in Zeek, so not sure how to address this if Zeek isn't picking it up as an http 1.x connection ... do you have any pcaps that look similar that I could take a look at?
I was looking at one of the sample pcaps from WireShark, http2-h2c.pcap. Would you be able to update this plugin to support h2c also?
https://wiki.wireshark.org/HTTP2?action=AttachFile&do=get&target=http2-h2c.pcap
The text was updated successfully, but these errors were encountered: