Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

tcpdump for SNI

jlarger
Cirrus
Cirrus

‎26-Jan-2023 03:08

Can I run a tcpdump on an SNI virtual server and capture only one of the common names/fqdns? 

Labels:
0 Kudos
1 REPLY 1

Paulius
MVP
MVP

‎26-Jan-2023 07:20

@jlarger I am not aware of a way to filter by SNI in tcpdump. If you know the IP that you want to filter on you can tcpdump that IP and then open it in wireshark and use filter the following filter. If the filter does not work search for the client hello and drill down until you find the SNI name and right click and filter based on that.

tls.handshake.extensions_server_name contains "yourdomain.com"

0 Kudos
Copyright © 2023 Khoros, LLC