Finding out websites being visited via HTTPS

asked 2024-11-04 15:55:00 +0000

I am trying to find out the hosts with which HTTPS communications are happening on my computer. I understand that when I enter a website like www.bestbuy.com, a DNS call is made with which the IP address of the website is obtained, and then the remaining communications with that IP address are encrypted. But given that the IP address of the destination server is still visible, that can be translated into the actual website using a reverse DNS lookup. I have set "Resolve network (IP) addresses" etc. to true in Preferences. And then I enter a display filter like tcp.port == 443 && ip.dst_host == "bestbuy.com", but entering www.bestbuy.com in the browser doesn't produce any packets even though the website does load in my browser. What am I doing wrong in Wireshark?


Comments

www.bestbuy.com is probably not hosted on one machine called that.

C:\Users\admin>nslookup
Default Server:  xxx
Address:  xxx

> server 8.8.8.8
Default Server:  dns.google
Address:  8.8.8.8

> www.bestbuy.com
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    e5816.x.akamaiedge.net
Address:  23.220.168.228
Aliases:  www.bestbuy.com
          www.bestbuy.com.edgekey.net

> 23.220.168.228
Server:  dns.google
Address:  8.8.8.8

Name:    a23-220-168-228.deploy.static.akamaitechnologies.com
Address:  23.220.168.228

> exit
Chuckc ( 2024-11-04 18:12:20 +0000 )
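
The mismatch shown in the nslookup session above, as an added example that is not part of the original thread: it follows the alias chain from the forward answers to see which names lead to 23.220.168.228, and compares that with the name the reverse lookup returned. The function names and the record tuples are constructed for illustration, and the order of the CNAME chain is an assumption inferred from the alias list in that output.

```python
# Constructed sample: the records from the nslookup session above as
# (owner, type, value) tuples. The CNAME chain order is an assumption
# inferred from the alias list in that output.
FORWARD_ANSWERS = [
    ("www.bestbuy.com", "CNAME", "www.bestbuy.com.edgekey.net"),
    ("www.bestbuy.com.edgekey.net", "CNAME", "e5816.x.akamaiedge.net"),
    ("e5816.x.akamaiedge.net", "A", "23.220.168.228"),
]
PTR_ANSWERS = {
    "23.220.168.228": "a23-220-168-228.deploy.static.akamaitechnologies.com",
}


def names_for_ip(answers):
    """Map each address to every name whose CNAME chain ends at it."""
    cname = {o: v for o, t, v in answers if t == "CNAME"}
    addrs = {}
    for owner, rtype, value in answers:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(owner, set()).add(value)
    result = {}
    for start in set(cname) | set(addrs):
        name, seen = start, set()
        while name in cname and name not in seen:  # follow aliases, stop on loops
            seen.add(name)
            name = cname[name]
        for ip in addrs.get(name, ()):
            result.setdefault(ip, set()).add(start)
    return result


def compare(ip, wanted, answers=FORWARD_ANSWERS, ptr=PTR_ANSWERS):
    """Show what reverse lookup and forward answers each say about one IP."""
    forward = names_for_ip(answers).get(ip, set())
    return {
        "ptr_name": ptr.get(ip),
        "ptr_is_wanted": ptr.get(ip) == wanted,
        "forward_names": sorted(forward),
        "forward_has_wanted": wanted in forward,
    }


if __name__ == "__main__":
    for host in ("www.bestbuy.com", "bestbuy.com"):
        print(host, compare("23.220.168.228", host))
```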