2016-12-16 04:58 AM
How does RSA NetWitness Decoder handle SPDY or HTTP/2 traffic?
Will the decoder be able to parse the traffic into the meta keys accurately?
2016-12-20 05:57 PM
I have asked for this information from RSA support.
From what I have been told, they are working on providing support for it in the packet decoding parsers, but it isn't a huge priority due to the fact that almost all HTTP/2 traffic is opportunistically encrypted. Thus there is a limited amount of valuable metadata that could be generated outside of what the existing network parsers would generate (ip.src, ip.dst, port, etc.).
I have yet to inject this data into my decoders and see what we get. I imagine Service = 0 and tcp.dstport = 443. I'd submit something to RSA support requesting it via RFE.
If you find something else out, let me know!
Regards