diff options
author | Alexander Gryanko <xpahos@gmail.com> | 2019-02-27 07:55:52 +0300 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2019-09-22 05:29:30 +0000 |
commit | 9fff62e2a8a19b94f665b2937242b65fe0ef49fc (patch) | |
tree | 0089c0553d2e6686fb9797dc17f928298caf7abc /doc | |
parent | 893a2d9c62e8dcc4fe0f43c47e01743136f55386 (diff) |
Qt, http2: Add Follow HTTP/2 Stream functionality
The HTTP/2 protocol multiplexes a single TCP connection into multiple
independent streams. The Follow TCP output can interleave multiple
HTTP/2 streams, making it harder to analyze a single HTTP/2 stream.
Add the ability to select HTTP/2 Streams within a TCP stream.
Internally, the HTTP/2 dissector now stores the known Stream IDs in a
set for every TCP session which allows an amortized O(n) lookup time for
the previous/next/max Stream ID.
[Peter: make the dissector responsible for clamping the HTTP/2 Stream ID
instead of the Qt code, that should permit future optimizations.]
Change-Id: I5d78f29904ae8f227ae36e1a883155c0ed719200
Reviewed-on: https://code.wireshark.org/review/32221
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/tshark.pod | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/doc/tshark.pod b/doc/tshark.pod index 803272705b..afcacf332e 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -1219,7 +1219,7 @@ Example: B<-z flow,tcp,network> will show data flow for all TCP frames =item B<-z> follow,I<prot>,I<mode>,I<filter>[I<,range>] -Displays the contents of a TCP or UDP stream between two nodes. The data +Displays the contents of a TCP or UDP stream between two nodes. The data sent by the second node is prefixed with a tab to differentiate it from the data sent by the first node. @@ -1241,10 +1241,12 @@ of each section of output plus a newline precedes each section of output. I<filter> specifies the stream to be displayed. UDP/TCP streams are selected with either the stream index or IP address plus port pairs. TLS streams are -selected with the stream index. For example: +selected with the stream index. HTTP/2 streams are selected by combination of +UDP/TCP and HTTP/2 streams indices. For example: ip-addr0:port0,ip-addr1:port1 stream-index + stream-index,substream-index I<range> optionally specifies which "chunks" of the stream should be displayed. @@ -1277,6 +1279,23 @@ display the contents of a TCP stream between 200.57.7.197 port 32891 and 4 .... +Example: B<-z "follow,http2,hex,0,1"> will display the contents of a HTTP/2 +stream on the first TCP session (index 0) with HTTP/2 Stream ID 1. + + =================================================================== + Follow: http2,hex + Filter: tcp.stream eq 0 and http2.streamid eq 1 + Node 0: 172.16.5.1:49178 + Node 1: 172.16.5.10:8443 + 00000000 00 00 2c 01 05 00 00 00 01 82 04 8b 63 c1 ac 2a ..,..... ....c..* + 00000010 27 1d 9d 57 ae a9 bf 87 41 8c 0b a2 5c 2e 2e da '..W.... A...\... + 00000020 e1 05 c7 9a 69 9f 7a 88 25 b6 50 c3 ab b6 25 c3 ....i.z. %.P...%. + 00000030 53 03 2a 2f 2a S.*/* + 00000000 00 00 22 01 04 00 00 00 01 88 5f 87 35 23 98 ac .."..... .._.5#.. + 00000010 57 54 df 61 96 c3 61 be 94 03 8a 61 2c 6a 08 2f WT.a..a. ...a,j./ + 00000020 34 a0 5b b8 21 5c 0b ea 62 d1 bf 4.[.!\.. b.. + 0000002B 00 40 00 00 00 00 00 00 01 89 50 4e 47 0d 0a 1a .@...... ..PNG... + =item B<-z> h225,counter[I<,filter>] Count ITU-T H.225 messages and their reasons. In the first column you get a |