This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I filter by website names?

0

How can I filter capture by website names? I would like to filter capture by source or destination website contains function and/or exact name. Thank you, Ron

asked 18 Jun '14, 12:21

ronmaagero
6112
accept rate: 0%


One Answer:

0

You can apply the following display filters to the captured traffic:

http.host=="exact.name.here"

http.host contains "partial.name.here"

Both of those filters are case-sensitive. You can also do a case-insensitive search using the "matches" display filter operator with the regular expression "(?i)" operator, but you will have to either escape any periods or make them a character class:

http.host matches "(?i)web\.site\.name"

http.host matches "(?i)web[.]site[.]name"

The "(?i)" regular expression operator makes the search case-insensitive.

The http.host field exists in HTTP request packets and contains the name of the web site that was requested. Keep in mind that we can have shared hosting, so we can't tell from the IP address alone what web site a user was browsing to.

An HTTP response does not contain an equivalent field, so you can't tell from the response packets alone what web site the response was from.

answered 18 Jun '14, 13:56

Jim Aragon
7.2k733118
accept rate: 24%

Jim, Thank You so much for the quick response. Ron Maagero

(20 Jun '14, 11:20) ronmaagero
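
The following is an added example, not part of the original answer: a Python sketch that emulates the exact, "contains" and "matches" comparisons over constructed HTTP messages, to show what an unescaped period lets through and that a response has no Host field to match. Python's `re.search` stands in for Wireshark's regular expression engine; the function names and sample host names are assumptions.

```python
import re

# Constructed sample traffic: three HTTP requests and one HTTP response.
SAMPLE_MESSAGES = [
    b"GET / HTTP/1.1\r\nHost: web.site.name\r\nAccept: */*\r\n\r\n",
    b"GET /a HTTP/1.1\r\nHost: WEB.Site.Name\r\n\r\n",
    b"GET /b HTTP/1.1\r\nHost: webxsite-name.example\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
]

def http_host(message):
    """Return the Host header of a request, or None (responses carry no Host)."""
    lines = message.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    if lines[0].startswith("HTTP/"):  # status line, so this is a response
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip()
    return None

def select(messages, predicate):
    """Indexes of messages that have a Host field satisfying the predicate."""
    hosts = [http_host(m) for m in messages]
    return [i for i, h in enumerate(hosts) if h is not None and predicate(h)]

def exact(name):      # emulates: http.host == "name" (case-sensitive)
    return lambda host: host == name

def contains(part):   # emulates: http.host contains "part" (case-sensitive)
    return lambda host: part in host

def matches(pattern): # emulates: http.host matches "pattern" (unanchored regex)
    rx = re.compile(pattern)
    return lambda host: rx.search(host) is not None

if __name__ == "__main__":
    checks = [
        ("== web.site.name", exact("web.site.name")),
        ("contains site.name", contains("site.name")),
        (r"matches (?i)web\.site\.name", matches(r"(?i)web\.site\.name")),
        ("matches (?i)web[.]site[.]name", matches("(?i)web[.]site[.]name")),
        ("matches (?i)web.site.name (unescaped)", matches("(?i)web.site.name")),
    ]
    for label, predicate in checks:
        print(f"{label:40} -> {select(SAMPLE_MESSAGES, predicate)}")
```

With the periods left unescaped, the pattern also selects the request for the unrelated host webxsite-name.example, and no filter on the Host field ever selects the response.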