Capturing traffic by HTTP host name, not by IP, via WireShark
I'm trying to filter traffic only to a given HTTP host name. I have a server, and I have dozens of websites on it. It only has one interface and one IP address. Thus filtering to my IP address is not helpful here.
Say for example I have a.com, b.com, c.com, ..., z.com sites on my server, and I only need to capture traffic of a.com, even sometimes a specific path of that site, like a.com/register.
Please note that I'm not talking about Display Filters, rather I need to apply a Capture Filter.
How can I do that? None of these filters work for me:
tcp port 80 and host a.com
host a.com
tcpdump host a.com
Solution 1:
Capture filters cannot do what you want. Display filters however, can. Using the HTTP filters, you can do this: http.host == "example.com"
.