Wireshark-users: Re: [Wireshark-users] HTTP2 stream id detection

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxx>
Date: Tue, 5 Mar 2019 01:58:23 +0000
I am definitely no expert in http2, but if you first filter on "http2" traffic to reduce the dataset to the 12 packets you mentioned (assuming TCP reassembly is enabled), you can then expand on the HyperText Transfer Protocol 2" in the packet details pane and the find and right-click on the "Stream Identifier" and choose "Apply as Column".  That will show you which packets are associated with which stream.  If I'm reading the information correctly, video segment #1 is associated with http2.streamid 1 and video segment #2 is associated with http2.streamid 3.  It would seem that only data for video segment #1 appears in the capture file though, judging by the values in the "Stream Identifier" column.

I'm not sure if this helps you?
- Chris

-----Original Message-----
From: Wireshark-users [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Rajvardhan Deshmukh
Sent: Monday, March 4, 2019 5:32 PM
To: Wireshark Users <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] HTTP2 stream id detection

[THIS MESSAGE ORIGINATED FROM A NON-IGT EMAIL ADDRESS]



Hi all,

This email might have slipped through.

I was wondering if anyone could help me with the following problem.

I am trying to get the HTTP/2 stream id (so use h2c (clear-text)) from the trace for the experiment that i have run.
The experiment is communication between mptcp capable nodes.

I use the libcurl based client which allows me to downloaded 2 files (video of 2 second) in parallel ( video segment #1 http://10.10.3.2:9001/www-itec.uni-klu.ac.at/ftp/datasets/DASHDataset2014/BigBuckBunny/2sec/bunny_4219897bps/BigBuckBunny_2s13.m4s
video segment #2
http://10.10.3.2:9001/www-itec.uni-klu.ac.at/ftp/datasets/DASHDataset2014/BigBuckBunny/2sec/bunny_3526922bps/BigBuckBunny_2s13.m4s
)

here is the tcpdump trace
https://umass.box.com/s/2n7st4012vwp8yirddd23pnexho3trxf


Wireshark trace analysis step:
1. Edit > Preferences > Protocols > HTTP2 > HTTP2 TCP port 9001

i see multiple tcp and mptcp packets but, only 12 HTTP/2 packets (verified that the video segments use 2 different streams) on one interface and none on the other interface.

I need the HTTP/2 stream number which is only visible in HTTP/2 packets to differentiate if the packet belongs to video segment #1 or the  video segment#2 . With what i have right now, i can't differentiate if the segment belongs to video segment #1 or video segment #2.

Let me know if you can direct me to someone who can help.
I have gotten in touch with libcurl folks and they suggested that i ask the wireshark-forum.

Thanks,
Raj
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.