This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to extract a list of server names of all SSL Handshakes present in log?

0

Hi!

I have a pcap file with requests over SSL.

Under:

  1. SSL
  2. TLSv1.2 Record Layer: Handshake Protocol: Client Hello
  3. Handshake Protocol: Client Hello
  4. Extension: server_name
  5. Server Name Indication extension
  6. Server Name

I find the host name of the involved server.

I would like to extract all values of this type into a list.

Do I have to resort to a programmatic solution using an external library, with Python for example, or is there a built-in feature which would allow me to accomplish that or something equivalent?

Kind Regards

Raffael

asked 24 Feb '16, 09:47

Raffael1984
11336
accept rate: 0%


One Answer:

1

Use tshark from the command line, specifying that you only want the server name field, e.g.:

tshark -r path\to\your\capture -T fields -e ssl.handshake.extensions_server_name -Y ssl.handshake.extensions_server_name

Depending on your OS, you may need to provide the path to tshark and use "/" as the path separator.

answered 24 Feb '16, 11:14

grahamb ♦
19.8k330206
accept rate: 22%
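
For the programmatic route the question asks about, the following added Python example (not code from either poster or from the Wireshark project) walks the same nesting the question lists, from the record layer down to the Server Name entry, using only the standard library. It assumes the whole ClientHello sits in a single TLS record with no reassembly; `build_client_hello` is a hypothetical helper that constructs the sample input.

```python
import struct

def build_client_hello(host):
    """Build a minimal TLS 1.2 ClientHello record with one SNI name (constructed sample)."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name     # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry                # server_name_list
    exts = struct.pack("!HH", 0, len(sni)) + sni               # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                  # version, random, empty session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"                # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 22 = handshake

def extract_sni(record):
    """Return the host names in the server_name extension, or [] if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:             # not a ClientHello record
            return []
        rec_len = struct.unpack_from("!H", record, 3)[0]
        data = record[5:5 + rec_len]                           # handshake message
        body = data[4:4 + int.from_bytes(data[1:4], "big")]    # ClientHello body
        pos = 2 + 32                                           # skip version and random
        pos += 1 + body[pos]                                   # skip session id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]      # skip cipher suites
        pos += 1 + body[pos]                                   # skip compression methods
        ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        names = []
        while pos + 4 <= min(ext_end, len(body)):
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            ext = body[pos:pos + ext_len]
            i = 2                                              # skip server_name_list length
            while ext_type == 0 and i + 3 <= len(ext):
                n_type, n_len = ext[i], struct.unpack_from("!H", ext, i + 1)[0]
                if n_type == 0 and i + 3 + n_len <= len(ext):
                    names.append(ext[i + 3:i + 3 + n_len].decode("ascii", "replace"))
                i += 3 + n_len
            pos += ext_len
        return names
    except (IndexError, struct.error):                         # truncated or malformed input
        return []

if __name__ == "__main__":
    records = [build_client_hello("example.com"), build_client_hello("mail.example.org")]
    for r in records:                                          # constructed sample records
        print(extract_sni(r))
```

tshark reassembles handshakes that span several TCP segments or TLS records, which this parser does not attempt.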