
What is HTTP2 in Wireshark?

Last Updated : 03 Aug, 2022

HTTP1 and HTTP2 are separate versions of the same web standard: the former is the original and the latter is the newer version. While there are only a few major changes between them, each was developed to address issues in its predecessor. For example, early in its development, HTTP1 had many limitations and problems that needed to be addressed. Given this, you might wonder why anyone would use an older protocol when it could be replaced by a newer version.

HTTP2 Stream in Wireshark

 

File uploads or transfers:

In HTTP1, once a user uploaded a file to the server, it became part of the HTML source code and was visible to anyone with access to the site. To protect against this, browsers came up with workarounds like cookies and redirects. This simply prevented files from being visible on the Internet. If we assume that all browsers (or clients) are configured in the same way, then this is not an issue. However, this isn’t always how things work out in practice. Different versions of browsers are available for different platforms, and they will usually be configured differently as well. So, even if a user is on a website, they may be unable to view a file that was uploaded by someone else. The solution to this was to have the server send an HTTP response code to browsers informing them that the file was not meant for public viewing. There are still some major websites that do not implement proper protection against file uploads. For example, most torrent sites do not use any kind of protection on files and instead rely on IP address filtering or encryption to secure downloads.

Security:

When it comes to security, HTTP1 is not a very secure protocol. There are many types of attacks that can be launched via HTTP1, and most of them are still viable unless the user is behind a strong firewall. SSL/TLS is supposed to be used in conjunction with HTTP1; however, this can lead to another problem. For example, in the past, it was possible for an attacker to launch a man-in-the-middle attack on the network and hijack an SSL site with relative ease. While this is no longer possible, the underlying issues remain with HTTP1.

The main issue with HTTP1 is that it does not use encryption. In the classic example of a credit card purchase with an online merchant, all the information that is entered is sent in plain text. The only things protecting this data from prying eyes are passwords and usernames; however, there have been major data breaches in the past in which attackers stole users' usernames and passwords. As a result, some companies have been forced to reset every username and password on their sites.

Countermeasures: 

  • To prevent this from happening, companies now use two-factor authentication. 
  • This adds another layer of security by requiring users to enter something extra during the login process. The extra factor can be entered via a one-time password or smartcard; however, this can be inconvenient as it requires extra devices (e.g., smartphones).
  • The main issue with HTTP1 is that it does not use encryption.
  • With HTTP2, the situation will improve dramatically by requiring all data to be encrypted using TLS. This means that the username, password, and credit card information will no longer be exposed to the public and attackers.
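
The plain-text exposure described in the Security section, and the contrast with TLS in the list above, can be checked on the first bytes a client sends on a connection, which is what a Wireshark capture shows. This is an added example, not code from the original article; the form-field names, host name and sample payloads are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # HTTP/2 client connection preface (RFC 9113)
H1_REQUEST = re.compile(rb"^(GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "card_number", "cvv"}  # assumed field names


def classify(payload: bytes) -> str:
    """Label the first bytes a client sends on a TCP connection."""
    # TLS record header: content type 0x16 (handshake), version major byte 0x03
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if payload.startswith(H2_PREFACE):
        return "http2-cleartext"
    if H1_REQUEST.match(payload):
        return "http1-cleartext"
    return "unknown"


def exposed_secrets(payload: bytes) -> list[str]:
    """Name the credential-bearing items readable in a cleartext HTTP/1 request."""
    if classify(payload) != "http1-cleartext":
        return []
    head, _, body = payload.partition(b"\r\n\r\n")
    found, headers = [], {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"authorization" in headers:
        found.append("header:authorization")
    if b"cookie" in headers:
        found.append("header:cookie")
    if headers.get(b"content-type", b"").startswith(b"application/x-www-form-urlencoded"):
        for key, _ in parse_qsl(body.decode("latin-1")):
            if key.lower() in SENSITIVE_FIELDS:
                found.append(f"form:{key}")
    return found


# Constructed sample payloads (not taken from a real capture)
LOGIN = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-Length: 34\r\n\r\nusername=alice&password=hunter2-ex")
CLIENT_HELLO = bytes.fromhex("160301020001000001fc0303")  # start of a TLS ClientHello record

if __name__ == "__main__":
    for name, data in [("login", LOGIN), ("tls", CLIENT_HELLO), ("h2", H2_PREFACE)]:
        print(name, classify(data), exposed_secrets(data))
```

The function reports only the names of the exposed items, never their values, so its output can be logged without copying the secrets themselves.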

Points to Remember:

  • No implied information. 
  • When talking about network protocols, implied information is any extra data sent by a protocol that is not required; however, it can be used if the network is designed to use it.
  • An example of this would be the User-Agent header in HTTP1. In HTTP1, there are headers that are sent by Web clients to Web servers that provide extra information about the client either for logging or for personal reasons (e.g., ads). The problem with these headers is that they have no defined format and will often contain the same string from different clients with identical version numbers.
