Tcpdump and https

networking tcpdump

Why doesn't the following command grab the packets to the Facebook site:

sudo tcpdump host facebook.com and dst port 443

but the next one does?

sudo tcpdump host java.com

Best Answer

https://facebook.com redirects to https://www.facebook.com, which has a different IP address than facebook.com. There is also ssl.facebook.com, but I am not sure what it is used for:

$ host facebook.com
facebook.com has address 69.171.229.11
facebook.com has address 69.171.224.37
facebook.com has address 66.220.158.11
facebook.com has address 66.220.149.11
facebook.com has address 69.171.242.11
facebook.com has IPv6 address 2a03:2880:10:1f02:face:b00c:0:25
facebook.com has IPv6 address 2a03:2880:2110:3f01:face:b00c::
facebook.com has IPv6 address 2a03:2880:10:8f01:face:b00c:0:25
facebook.com mail is handled by 10 smtpin.mx.facebook.com.

$ host www.facebook.com
www.facebook.com has address 69.171.237.16
www.facebook.com has IPv6 address 2a03:2880:10:1f03:face:b00c:0:25

$ host ssl.facebook.com
ssl.facebook.com is an alias for star.facebook.com.
star.facebook.com has address 69.171.234.39
star.facebook.com has IPv6 address 2a03:2880:10:cf02:face:b00c:0:4

For java.com on the other hand the entries are the same for both www.java.com and java.com:

$ host java.com
java.com has address 137.254.16.66
java.com mail is handled by 10 mx5.sun.com.
java.com mail is handled by 10 mx6.sun.com.
java.com mail is handled by 10 mx8.sun.com.
java.com mail is handled by 10 mx9.sun.com.

$ host www.java.com
www.java.com is an alias for java.com.
java.com has address 137.254.16.66
java.com mail is handled by 10 mx5.sun.com.
java.com mail is handled by 10 mx6.sun.com.
java.com mail is handled by 10 mx8.sun.com.
java.com mail is handled by 10 mx9.sun.com.
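
Added example (not part of the original answer): tcpdump resolves a name in a `host` filter once, when the filter is compiled, so the capture only matches the addresses of that exact name. The sketch below turns `host` output for several names into one filter covering every address; `build_filter` and `sample_host_output` are hypothetical helpers, and the sample lines are copied from the lookups shown above.

```shell
#!/bin/sh
# Build one tcpdump filter from `host` output collected for several names.
# build_filter and sample_host_output are illustrative helpers, not tcpdump features.

# Reads `host` output on stdin; prints a filter for destination port $1.
build_filter() {
    port="$1"
    awk -v port="$port" '
        # Only "NAME has address A" / "NAME has IPv6 address A" lines carry
        # an address; alias and mail-handler lines are skipped.
        / has (IPv6 )?address / {
            addr = $NF
            if (!(addr in seen)) {      # names that share an address appear twice
                seen[addr] = 1
                expr = expr (n++ ? " or " : "") "host " addr
            }
        }
        END {
            if (n == 0) exit 1          # nothing resolved: emit no filter at all
            printf "(%s) and dst port %s\n", expr, port
        }'
}

# Sample input: a subset of the lookup results quoted in the answer.
sample_host_output() {
    cat <<'EOF'
facebook.com has address 69.171.229.11
facebook.com has IPv6 address 2a03:2880:10:1f02:face:b00c:0:25
facebook.com mail is handled by 10 smtpin.mx.facebook.com.
www.facebook.com has address 69.171.237.16
ssl.facebook.com is an alias for star.facebook.com.
star.facebook.com has address 69.171.234.39
EOF
}

# Offline demonstration on the sample input.
sample_host_output | build_filter 443

# Live use (requires network access and root for the capture):
#   filter="$(for n in facebook.com www.facebook.com ssl.facebook.com; do
#                 host "$n"; done | build_filter 443)"
#   sudo tcpdump -n "$filter"
```

The addresses are still a snapshot taken when the filter is built, so a capture that runs for a long time can miss traffic if the DNS records change.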