This is our old Q&A Site. Please post any new questions and answers at

I have just openend a capture session and looking at the packets go by I get TLS connections to Whois resolves to Cloudfare and WTF?

asked 20 Feb '14, 17:56

Leinad's gravatar image

accept rate: 0%

alt text

(20 Feb '14, 17:58) Leinad

Note that this address is also used by the main site:

$ host has address has address

As well as this site, the bug tracker, and others:

$ host has address has address

$ host has address has address

Does the TLS connection contain an SNI field? Wireshark periodically checks for updates, which is likely the traffic you're seeing. You can disable this via Edit→Preferences→User Interface. (...and if you disable this setting and still see this behavior please let us know.)

We currently use CloudFlare because they're effective at blocking DDoS attacks. I'm not sure why we get DDoS attacks. You'd have to ask the attackers.

permanent link

answered 20 Feb '14, 18:54

Gerald%20Combs's gravatar image

Gerald Combs ♦♦
accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 20 Feb '14, 17:56

question was seen: 13,129 times

last updated: 20 Feb '14, 19:07

p​o​w​e​r​e​d by O​S​Q​A