How to show all HTTP2 headers using tshark?
2020-05-05
After sniffing with tcpdump, how can I show all HTTP2 header using tshark?
First, find the frame number based on method:
1$ tshark -r grpc.pcapng -Y 'http2.headers.path contains "getBook"' 2214 923.033174 127.0.0.1 → 127.0.0.1 HTTP2 150 HEADERS[1]: POST /book.BookInfo/getBook
and then show the packet details:
1tshark -r grpc.pcapng -Y "frame.number == 214" -V 2 3HyperText Transfer Protocol 2 4 Stream: HEADERS, Stream ID: 1, Length 85, POST /book.BookInfo/getBook 5 Length: 85 6 Type: HEADERS (1) 7 Flags: 0x04 8 .... ...0 = End Stream: False 9 .... .1.. = End Headers: True 10 .... 0... = Padded: False 11 ..0. .... = Priority: False 12 00.0 ..0. = Unused: 0x00 13 0... .... .... .... .... .... .... .... = Reserved: 0x0 14 .000 0000 0000 0000 0000 0000 0000 0001 = Stream Identifier: 1 15 [Pad Length: 0] 16 Header Block Fragment: 8386459162339faaf74e7eb92a94ec4c54dd39faff418b08… 17 [Header Length: 216] 18 [Header Count: 8] 19 Header: :method: POST 20 Name Length: 7 21 Name: :method 22 Value Length: 4 23 Value: POST 24 :method: POST 25 [Unescaped: POST] 26 Representation: Indexed Header Field 27 Index: 3 28 Header: :scheme: http 29 Name Length: 7 30 Name: :scheme 31 Value Length: 4 32 Value: http 33 :scheme: http 34 [Unescaped: http] 35 Representation: Indexed Header Field 36 Index: 6 37 Header: :path: /book.BookInfo/getBook 38 Name Length: 5 39 Name: :path 40 Value Length: 22 41 Value: /book.BookInfo/getBook 42 :path: /book.BookInfo/getBook 43 [Unescaped: /book.BookInfo/getBook] 44 Representation: Literal Header Field with Incremental Indexing - Indexed Name 45 Index: 5 46 Header: :authority: 127.0.0.1:50051 47 Name Length: 10 48 Name: :authority 49 Value Length: 15 50 Value: 127.0.0.1:50051 51 :authority: 127.0.0.1:50051 52 [Unescaped: 127.0.0.1:50051] 53 Representation: Literal Header Field with Incremental Indexing - Indexed Name 54 Index: 1 55 Header: content-type: application/grpc 56 Name Length: 12 57 Name: content-type 58 Value Length: 16 59 Value: application/grpc 60 content-type: application/grpc 61 [Unescaped: application/grpc] 62 Representation: Literal Header Field with Incremental Indexing - Indexed Name 63 Index: 31 64 Header: user-agent: grpc-go/1.24.0 65 Name Length: 10 66 Name: user-agent 67 Value Length: 14 68 Value: grpc-go/1.24.0 69 user-agent: grpc-go/1.24.0 70 [Unescaped: grpc-go/1.24.0] 71 Representation: Literal Header Field with Incremental Indexing - Indexed Name 72 Index: 58 73 Header: te: trailers 74 Name Length: 2 75 Name: te 76 Value Length: 8 77 Value: trailers 78 [Unescaped: trailers] 79 Representation: Literal Header Field with Incremental Indexing - New Name 80 Header: grpc-client: evans 81 Name Length: 11 82 Name: grpc-client 83 Value Length: 5 84 Value: evans 85 [Unescaped: evans] 86 Representation: Literal Header Field with Incremental Indexing - New Name