HTTP2 (h2c-nonTLS) is not being decoded properly

asked 2019-05-31 12:08:47 +0000

Hello, I am having challenges decoding HTTP2 in wireshark (windows x64, latest stable build 3.0.2). The captures are taken from various types of linux machines with tcpdump and the version info is below.


$ /usr/sbin/tcpdump --version

tcpdump version 4.9.2 libpcap version 1.7.4 OpenSSL 1.0.2g 1 Mar 2016

$ /sbin/tcpdump --version

tcpdump version 4.9.2 libpcap version 1.5.3 OpenSSL 1.0.2k-fips 26 Jan 2017


"info" column in wireshark only shows "HEADERS[25]" and "DATA[28]".

Any suggestions as to what might be the issue and how to resolve this?

Thanks in advance.

edit retag flag offensive close merge delete


The versions of tcpdump aren't likely to be relevant. Putting a sample capture file on a public share, e.g. Google Drive, DropBox etc. and posting a link to it back here would be more helpful.

grahamb gravatar imagegrahamb ( 2019-05-31 12:25:19 +0000 )edit

unfortunately its proprietary flow, so can't share the capture.

gates2010 gravatar imagegates2010 ( 2019-06-06 16:42:59 +0000 )edit