
Suppose after pretty printing, my HTTP/2 packet was displayed like:

Layer HTTP2:
     Stream: HEADERS, Stream ID: 85, Length 169, POST xxxxxxxxxx
     Length: 169
     Type: HEADERS (1)
     Flags: 0x24
     .... ...0 = End Stream: False
     .... .1.. = End Headers: True
     .... 0... = Padded: False
     ..1. .... = Priority: True
     00.0 ..0. = Unused: 0x00
     0... .... .... .... .... .... .... .... = Reserved: 0x0
     .000 0000 0000 0000 0000 0000 0101 0101 = Stream Identifier: 85
     Pad Length: 0
     0... .... .... .... .... .... .... .... = Exclusive: False
     .000 0000 0000 0000 0000 0000 0000 1011 = Stream Dependency: 11
     Weight: 21
     Weight real: 22

and so on and so forth. I tried to extract the 'stream ID' by writing down the following command:

print(cap[i].http2.stream['stream_ID'])

I tried the above approach because the "stream" field looked like key-value pairs of a dictionary to me. But it did not work. Can you help me out as to how I can extract the value of "Stream ID" from the above-mentioned piece of code? P.S. "stream" is a field name of the "http2" packet which gives me

Stream: HEADERS, Stream ID: 19, Length 30, POST xxxxxxx

when I apply the command

print(cap[i].http2.stream)

2 Answers

0

Try out the method I described in one of my other answers:

Using Pyshark to pair key and value from JSON packet

I was able to use this method to extract key-value pairs from JSON and HTTP layers of packets. It should be applicable for HTTP/2 packets as well. You can set 'use_json=True' and 'include_raw=False' while capturing the packets.

0

The stream id is accessible via the tcp tag, i.e.

import pyshark as ps

# trace: path to the capture file
cap = ps.FileCapture(trace)
for packet in cap:
    print(packet.tcp.stream)
mfmz
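The frame layout behind the dissection in the question, as an added example that is not part of the original posts: it decodes the 9-byte HTTP/2 frame header and the HEADERS priority fields from raw bytes, and also reads the ID out of the summary string that `http2.stream` prints. The function names and the `SAMPLE` bytes are constructed for illustration, and the code does not use pyshark.

```python
import re
import struct

FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
               0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING",
               0x7: "GOAWAY", 0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}
FLAG_PADDED, FLAG_PRIORITY = 0x08, 0x20


def parse_http2_frame(data: bytes) -> dict:
    """Decode the 9-byte frame header (RFC 7540 section 4.1) and, for HEADERS
    frames, the optional pad-length and priority fields (section 6.2)."""
    if len(data) < 9:
        raise ValueError("an HTTP/2 frame header is 9 bytes")
    # 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream ID
    len_hi, len_lo, ftype, flags, sid = struct.unpack("!BHBBI", data[:9])
    frame = {
        "length": (len_hi << 16) | len_lo,
        "type": FRAME_TYPES.get(ftype, f"UNKNOWN({ftype})"),
        "flags": flags,
        "stream_id": sid & 0x7FFFFFFF,  # mask off the reserved top bit
    }
    if ftype == 0x1:
        pos = 9
        if flags & FLAG_PADDED:
            if len(data) < pos + 1:
                raise ValueError("truncated pad length")
            frame["pad_length"] = data[pos]
            pos += 1
        if flags & FLAG_PRIORITY:
            if len(data) < pos + 5:
                raise ValueError("truncated priority fields")
            dep, weight = struct.unpack("!IB", data[pos:pos + 5])
            frame["exclusive"] = bool(dep >> 31)
            frame["stream_dependency"] = dep & 0x7FFFFFFF
            frame["weight"] = weight
    return frame


def stream_id_from_summary(summary: str) -> int:
    """Fallback: read the ID from the text printed for the 'stream' field."""
    m = re.search(r"Stream ID:\s*(\d+)", summary)
    if m is None:
        raise ValueError("no 'Stream ID' in summary line")
    return int(m.group(1))


# Constructed sample matching the dissection in the question:
# length 169, type HEADERS, flags 0x24, stream 85, dependency 11, weight 21.
SAMPLE = bytes.fromhex("0000a9" "01" "24" "00000055" "0000000b" "15")
```
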