gregjhogan/wireshark-tls-sni-http-filter

Last active October 20, 2022 00:32

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/gregjhogan/3a5cf79bebd78c1a0ca6566400dd357e.js"></script>
Save gregjhogan/3a5cf79bebd78c1a0ca6566400dd357e to your computer and use it in GitHub Desktop.

Download ZIP

wireshark tls sni and http filter

Raw

wireshark-tls-sni-http-filter

ssl.handshake.extension.type == "server_name" || http.host

ezbik commented Sep 23, 2020

tshark -l -i enp0s3 -f 'dst port ( 80 or 8054 or 443 or 993 ) ' -Y 'ssl.handshake.extension.type == "server_name" || http.host' -T fields -e ip.src -e ip.dst -e tcp.dstport -e ssl.handshake.extensions_server_name -e http.host

mac-zhou commented Mar 29, 2022

change ssl.handshake.extensions_server_name to tls.handshake.extensions_server_name

tshark -l -i enp0s3 -f 'dst port ( 80 or 8054 or 443 or 993 ) ' \
-Y 'ssl.handshake.extension.type == "server_name" || http.host' \
-T fields -e ip.src -e ip.dst -e tcp.dstport -e tls.handshake.extensions_server_name -e http.host

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment