Filter in Wireshark for TLS's Server Name Indication field

wireshark

Does wireshark have a filter for TLS's Server Name Indication field?


Solution 1:

ssl.handshake.extensions_server_name

Solution 2:

Shawn E's answer is probably the correct answer but my wireshark version doesnt have that filter. Following filters do exists, however:

To check if the SNI field exists:

ssl.handshake.extension.type == 0

or

ssl.handshake.extension.type == "server_name"

To check if an extension contains certain domain:

ssl.handshake.extension.data contains "twitter.com"

Solution 3:

Newer Wireshark has R-Click context menu with filters.

Find Client Hello with SNI for which you'd like to see more of the related packets.

Drill down to handshake / extension : server_name details and from R-click choose Apply as Filter.

See attached example caught in version 2.4.4

SNI-WireShark-contextFilter

Related

Notepad++ Installation Error
Maximize Remote desktop but not to full screen
Can long range Wi-Fi work if one end of the connection is not using a high-gain antenna?
What does HAMP mean, computer fan context?
What's IE8 equivalent of Chrome and Firefox/Firebug inspect element?
How to increase Remote Desktop resolution?
tmux - Insert a window at a specified position
Why does Excel 2007 changes the text "HSA"to "HAS"?
How to determine whether I have USB3 ports in my laptop?
Reset view preferences for all mac folders
Change encoding of txt file
Can PSU cause my PC to reboot?