This exercise is one of our challenges to help you learn how to analyze PCAP files

< 1 Hr.
PCAP badge


This challenge involves analyzing a PCAP file that contains a TLS connection. The client initiates the connection with a "Client Hello" message, which includes a Server Name Indication (SNI) extension. The SNI extension allows the client to specify the hostname it wants to connect to, enabling the server to send the correct certificate. Without SNI, the server would not know which certificate to present, especially when multiple TLS servers are hosted on the same IP address.

Using Wireshark, you will inspect the PCAP file and locate the SNI value in the "Client Hello" packet. This value is essential because it specifies the target TLS server. Note that the exercise requires you to extract the SNI value without including the ".pentesterlab.com" domain. Understanding SNI is critical for effective network security analysis and for ensuring that clients and servers can communicate correctly over TLS.

Want to learn more? Get started with PentesterLab Pro! GO PRO