Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support for h2c #8

Open
neslog opened this issue Aug 3, 2020 · 1 comment
Open

support for h2c #8

neslog opened this issue Aug 3, 2020 · 1 comment

Comments

@neslog
Copy link

neslog commented Aug 3, 2020

I was looking at one of the sample pcaps from WireShark, http2-h2c.pcap. Would you be able to update this plugin to support h2c also?

https://wiki.wireshark.org/HTTP2?action=AttachFile&do=get&target=http2-h2c.pcap
@Mraoul
Copy link
Contributor

Mraoul commented Aug 31, 2020

So, I took a look at the pcap and they're using an http upgrade -- have you seen something similar in the wild? I was under the impression that none of the mainstream browsers (chrome, firefox, safari) would negotiate http2 in the clear.

Also, this is a partial connection that only contains the data payload and not the tcp connection -- bro/zeek doesn't even seem to detect this as http 1.x afaict, so I think this would fall under the PIA architecture (embedded protocols within protocols) in Zeek, so not sure how to address this if Zeek isn't picking it up as an http 1.x connection ... do you have any pcaps that look similar that I could take a look at?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Mraoul @neslog