The vulnerability has been described in the A Slow Rate Denial-of-Service Attack Against HTTP/2 research paper.
Here are the HTTP/2 packets that the tool sends
packet #12: Client initiates the connection with Connection Preface, SETTINGS frame, and WINDOW_UPDATE frame on Stream #0
packet #14: Server responds with its own SETTINGS frame
packet #15: Client asks for a web page on Stream #1
packet #17: Server responds with the web page contents
packet #19: Client sends a SETTINGS frame with ACK flag
packet #21: Client resets Stream #1
packet #23: Server closes the connection with GOAWAY frame