How can I know the name of the websites being surfed through my network using wireshark? asked 18 Mar '14, 07:06  Coolboy |
2 Answers:
As most Web sites these days use https protocol and the HTTP traffic is encrypted this http.post filter will not be of help in this environment. I would suggest you trace (at least) all DNS responses along with all SYN packets from clients. The filter would look something like this (udp.srcport eq 53 or tcp[13] eq 2). This way you can resolve the destination addresses of the servers using the DNS responses you have in the trace. (You need to enable Edit-Preferences-Name Resolution-Network (ip) addresses) You can then filter on all client SYN requests to see where they connect to... answered 20 Mar '14, 10:36  mrEEde |
Use http.host as a display filter or even better create a column for it. answered 19 Mar '14, 06:58  Roland How can I create a display filter or create a column for it? (19 Mar '14, 09:08) Coolboy Just type in the filter field http.host and Apply. In the packet details expand Hypertext Transfer Protocol, right click on Host and Apply as a column. Or go to Edit - Preferences - User Interface - Columns and add a Custom column with the Field Name http.host (19 Mar '14, 13:22) Roland |
What do you know with "name" ? Do you mean title tags or do you mean hostnames?