I am working on a Deep Packet Inspection project of my own. In order to test it, I need an HTTPS/SSL packet dump from a specific site.

As an example I want to capture all the packets transmitted during a Facebook session.

I tried Wireshark, but I do not know how to capture only the packets related to Facebook, since they can originate from different domains, not only from www.facebook.com.

Can anyone suggest a way to do this?

Thank you.

user2389323

1 Answer

Not sure Wireshark can do it now. Correct me if I am wrong, but currently it supports a capture filter like "host www.facebook.com" by doing a DNS query to get a list of IP addresses for this hostname. Then it generates binary code to filter out packets to/from those resolved IPs.

If you know the list of hostnames in this domain (x1.facebook.com x2.facebook.com ...), you can create a filter like "host x1.facebook.com or host x2.facebook.com ...".

If you don't know the list of hostnames, then you have to write specific capture software that monitors all the DNS queries sent from the host; if a query is for xxx.facebook.com, it keeps track of the resolved IP addresses and saves any packets sent to/from these IPs. For this to work, you have to clear the DNS cache.

Hope it helps.

packetie
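The DNS-tracking step described in the answer above, as an added example that is not part of the original answer: it parses raw DNS response payloads (capturing them is left out), follows CNAME aliases out of the watched domain, and builds a capture filter from the resolved addresses. The function names and the sample response (example.com, 192.0.2.10) are constructed for illustration.

```python
import ipaddress
import struct

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end  # resume after first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                          # guard against pointer loops
                raise ValueError("DNS compression loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii", "replace").lower())
        off += n

def track_ips(msg, domain, tracked):
    """Add the A/AAAA addresses one DNS response gives for domain to tracked."""
    _id, flags, qd, an = struct.unpack("!4H", msg[:8])
    if not flags & 0x8000:                         # a query, not a response
        return tracked
    off = 12
    for _ in range(qd):                            # skip the question section
        off = read_name(msg, off)[1] + 4
    aliases = set()                                # CNAME targets of watched names
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if name == domain or name.endswith("." + domain) or name in aliases:
            if rtype == 5:                         # CNAME: follow the alias
                aliases.add(read_name(msg, off)[0])
            elif (rtype, rdlen) in ((1, 4), (28, 16)):   # A / AAAA
                tracked.add(str(ipaddress.ip_address(msg[off:off + rdlen])))
        off += rdlen
    return tracked

def capture_filter(tracked):
    return " or ".join("host " + ip for ip in sorted(tracked))

# Constructed response: www.example.com CNAME cdn.example.net, A 192.0.2.10
SAMPLE = (bytes.fromhex("123481800001000200000000") + b"\x03www\x07example\x03com\x00"
          + bytes.fromhex("00010001c00c000500010000003c0011") + b"\x03cdn\x07example\x03net\x00"
          + bytes.fromhex("c02d000100010000003c0004c000020a"))
```

Feeding every captured DNS response through `track_ips` with the same set keeps the filter current; a truncated or malformed payload raises an exception that the caller should catch and skip.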