This is a static archive of our old Q&A Site. Please post any new questions and answers at

“” and “http.request.full_uri” filter


I'm making a very minimalistic wireshark profile, so someone without much technical knowledge can get a quick overview of http and ssl/tls traffic ("non-technical" information).


Right now I have the following columns;

No. | Protocol | http.referer | | Info | ssl.handshake.extensions_server_name | http.request.full_uri

My question is, does the last filter (http.request.full_uri) always show the host that is also displayed with the filter?

Or is/can there be a difference between: "" and "http.request.full_uri"? Otherwise I can just use the full_uri filter without the separate host filter.


Is the filter "ssl.handshake.extensions_server_name" the only one that shows some 'understandable' information about encrypted traffic? And what exactly is the role of this server name and why is this not encrypted?

Any other ideas about filters that show this "low-level" information is also appreciated.

Thanks! Danny

asked 12 Jul '16, 07:12

r00t070's gravatar image

accept rate: 0%

edited 12 Jul '16, 08:14

One Answer:


The http.request.full_uri field is the field concatenated with the http.request.uri field, so yes, http.request.full_uri will always show the same host as the field.

answered 12 Jul '16, 22:34

Jim%20Aragon's gravatar image

Jim Aragon
accept rate: 24%