This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm making a very minimalistic wireshark profile, so someone without much technical knowledge can get a quick overview of http and ssl/tls traffic ("non-technical" information).

QUESTION 1

Right now I have the following columns;

No. | Protocol | http.referer | http.host | Info | ssl.handshake.extensions_server_name | http.request.full_uri

My question is, does the last filter (http.request.full_uri) always show the host that is also displayed with the http.host filter?

Or is/can there be a difference between: "http.host" and "http.request.full_uri"? Otherwise I can just use the full_uri filter without the separate host filter.

QUESTION 2

Is the filter "ssl.handshake.extensions_server_name" the only one that shows some 'understandable' information about encrypted traffic? And what exactly is the role of this server name and why is this not encrypted?

Any other ideas about filters that show this "low-level" information is also appreciated.

Thanks! Danny

asked 12 Jul '16, 07:12

r00t070's gravatar image

r00t070
6437
accept rate: 0%

edited 12 Jul '16, 08:14


The http.request.full_uri field is the http.host field concatenated with the http.request.uri field, so yes, http.request.full_uri will always show the same host as the http.host field.

permanent link

answered 12 Jul '16, 22:34

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×165
×40

question asked: 12 Jul '16, 07:12

question was seen: 5,372 times

last updated: 12 Jul '16, 22:34

p​o​w​e​r​e​d by O​S​Q​A