1 | initial version |
Although @Jaap is absolutely correct about the decryption of TLS, if your main purpose is:
I want to know what our students are accessing from their personal devices so that I can present it to my admin
Then you do get to see a bit of where students are going. First of all, you could monitor the DNS traffic, but if they are using DoT or DoH, then that won't work. By inspecting the ServerNameIndication extension in the TLS ClientHello, you can see which sites are visited. Make a capture file and run tshark on it like:
tshark -nlr packets.pcapng -Y tls.handshake.type==1 -T fields -e ip.src -e tls.handshake.extensions_server_name