ADDING HTTPS SERVER NAMES TO THE COLUMN DISPLAY IN WIRESHARK

Before doing this, you should've already set up your Wirshark column display as shown shown here.  At the very least, you should be familiar with adding columns to Wireshark, which I covered in that blog post.  This is how I display a column for ssl.handshake.extensions_server_name, which is helpful for showing servers using HTTPS from a pcap in your Wireshark display.

 

It's relatively simple.

I've illustrated this in the image below:

 

You can hide or display (or completely remove) colums from the Wireshark display by right-clicking on the bar with the column headers as shown below.

 

Use ssl.handshake.extensions_server_name in the filter if you want to see server names for the HTTPS traffic.  This works for normal HTTPS traffic, such as the type you might find while web browsing.

 

FINAL NOTES

Setting up this column in Wireshark is useful when looking at HTTPS traffic and filtering on ssl.handshake.extensions_server_name.

Click here to return to the main page.