 | 1 | initial version |
DNS for www.yahoo.com use dns contains www.yahoo.com
TCP handshake for www.yahoo.com TCP hand shake will be with what ever ip address is resolved against www.yahoo.com
HTTP GET request http.host contains "www.yahoo.com"
I have just opened yahoo and it was https so use ssl.handshake.extensions_server_name == "www.yahoo.com"
so the possible combination for display filter will be
dns contains www.yahoo.com || http.host contains "www.yahoo.com" || ssl.handshake.extensions_server_name == "www.yahoo.com"
| | 2 | No.2 Revision |
DNS for www.yahoo.com use dns contains www.yahoo.com
TCP handshake for www.yahoo.com TCP hand shake will be with what ever ip address is resolved against www.yahoo.com
HTTP GET request http.host contains "www.yahoo.com"
I have just opened yahoo and it was https so use ssl.handshake.extensions_server_name == "www.yahoo.com"
so the possible combination for display filter will be
dns contains www.yahoo.com || http.host contains "www.yahoo.com" || ssl.handshake.extensions_server_name == "www.yahoo.com"
| | 3 | No.3 Revision |
DNS for www.yahoo.com
use
use
dns contains www.yahoo.com
TCP handshake for www.yahoo.com TCP hand shake will be with what ever ip address is resolved against www.yahoo.com
HTTP GET request http.host contains "www.yahoo.com"
I have just opened yahoo and it was https so use ssl.handshake.extensions_server_name == "www.yahoo.com"
so the possible combination for display filter will be
dns contains www.yahoo.com || http.host contains "www.yahoo.com" || ssl.handshake.extensions_server_name == "www.yahoo.com"
| | 4 | No.4 Revision |
DNS for www.yahoo.com use dns contains www.yahoo.com
TCP handshake for www.yahoo.com
TCP hand shake will be with what ever ip address is resolved against www.yahoo.comwww.yahoo.com
Remember these days opening a webpage is not a tcp threeway handshake with single resolved ip address. I have seen multiple tcp sessions for single website.
HTTP GET request
http.host contains "www.yahoo.com" "www.yahoo.com"
I have just opened yahoo and it was https so use ssl.handshake.extensions_server_name == "www.yahoo.com"
so the possible combination for display filter will be
dns contains www.yahoo.com || http.host contains "www.yahoo.com" || ssl.handshake.extensions_server_name == "www.yahoo.com"
| | 5 | No.5 Revision |
DNS for www.yahoo.com
www.yahoo.com use
dns contains www.yahoo.com
TCP handshake for www.yahoo.com TCP hand shake will be with what ever ip address is resolved against www.yahoo.com Remember these days opening a webpage is not a tcp threeway handshake with single resolved ip address. I have seen multiple tcp sessions for single website.
HTTP GET request http.host contains "www.yahoo.com"
I have just opened yahoo and it was https so use ssl.handshake.extensions_server_name == "www.yahoo.com"
so the possible combination for display filter will be
dns contains www.yahoo.com || http.host contains "www.yahoo.com" || ssl.handshake.extensions_server_name == "www.yahoo.com"
