Finding out websites being visited via https
I am trying to find out hosts with which https communications are happening on my computer. I understand that when I enter a website like www.bestbuy.com a DNS call is made with which the ip address of the website is obtained and then the remaining communications with that ip address are encrypted. But given that ip address of the destination server is still visible that can be translated into the actual website using a reverse dns lookup. I have set 'Resolve network (IP) addresses" etc. to true in Preferences. And then enter a display filter like tcp.port == 443 && ip.dst_host == "bestbuy.com" but entering www.bestbuy.com in the browser doesn't produce any packets even though the websites does load on my browser. What am I doing wrong in wireshark?
www.bestbuy.comis probably not hosted on one machine called that.C:\Users\admin>nslookup Default Server: xxx Address: xxx > server 8.8.8.8 Default Server: dns.google Address: 8.8.8.8 > www.bestbuy.com Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: e5816.x.akamaiedge.net Address: 23.220.168.228 Aliases: www.bestbuy.com www.bestbuy.com.edgekey.net > 23.220.168.228 Server: dns.google Address: 8.8.8.8 Name: a23-220-168-228.deploy.static.akamaitechnologies.com Address: 23.220.168.228 > exit