Forum Discussion

  • jlarger I am not aware of a way to filter by SNI in tcpdump. If you know the IP that you want to filter on you can tcpdump that IP and then open it in wireshark and use filter the following filter. If the filter does not work search for the client hello and drill down until you find the SNI name and right click and filter based on that.

    tls.handshake.extensions_server_name contains "yourdomain.com"