tcpdump for SNI

Question

Can I run a tcpdump on an SNI virtual server and capture only one of the common names/fqdns?&nbsp;

paulius · Answer

jlarger I am not aware of a way to filter by SNI in tcpdump. If you know the IP that you want to filter on you can tcpdump that IP and then open it in wireshark and use filter the following filter. If the filter does not work search for the client hello and drill down until you find the SNI name and right click and filter based on that.
tls.handshake.extensions_server_name contains "yourdomain.com"

Forum Discussion

tcpdump for SNI

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

Server Profile SNI

How to Troubleshoot SNI

SNI Routing with BIG-IP

SNI Routing with DNS Lookup

Serverside SNI injection iRule