Regular failure to capture HTTP2

Wireshark will, at times, capture the HTTP/2 traffic (over TLS) without any trouble. However, more often it fails to capture it at all or will only capture .

I suspect that it's unable to unwrap the TLS; however, it can work and then, when refreshing the same page, fail to capture anything above TLS. I can reproduce it from https://example.com.

First time it might just capture the HEADERS, second time nothing.

I'm using Chrome, and have _Disable cache_ ticked in the F12 tooling.

I can prove that Wireshark is capturing traffic because I can filter on the IP and see traffic captures (i.e. `ip.dst == 93.184.216.34 || ip.src == 93.184.216.34`):

| No. | Delta    | Protocol | Info                                                 |
|-----|----------|----------|------------------------------------------------------|
| 31  | 0.000000 | TLSv1.2  | Application Data                                     |
| 32  | 0.000068 | TLSv1.2  | Application Data                                     |
| 33  | 0.086955 | TLSv1.2  | Application Data, Application Data, Application Data |
| 34  | 0.000555 | TLSv1.2  | Application Data                                     |
| 35  | 0.003173 | TCP      | 51213 → 443 [ACK] Seq=87 Ack=784 Win=516 Len=0       |
| 36  | 0.000270 | TCP      | 51213 → 443 [ACK] Seq=87 Ack=823 Win=515 Len=0       |
| 37  | 0.012623 | TLSv1.2  | Application Data                                     |
| 38  | 0.087451 | TLSv1.2  | Application Data, Application Data, Application Data |
| 44  | 0.111776 | TCP      | 51213 → 443 [ACK] Seq=149 Ack=1576 Win=513 Len=0     |

Without changing any settings, just refreshing the page again it might capture everything (as it has just now).

I really want to show a live demo of HTTP/2 via Wireshark, but without reliably being able to capture it, it's not going to be possible.

Any help would be greatly appreciated. It's really giving me a headache.
