SNI - Server Network Information what's used for
Server Name Indication (SNI)
Server Name Indication (SNI) is an add-on to the TLS protocol. It lets a client or browser tell the server which website it wants to access right at the beginning of the secure connection process. This way, the server can use different security certificates for different websites, even if they all share the same IP address and port.
How SNI Works in TLS
ClientHello Message: During the initial handshake phase, the client sends a ClientHello message to the server. This message includes the SNI extension, which contains the hostname the client wishes to connect to.
Capture in wireshark
To capture the Server Name Indication (SNI) using Wireshark, you need to filter and analyze the Transport Layer Security (TLS)
packets during the TLS handshake.
ECH Encryption
SNI (Server Name Indication) reveals the website's name in plain text during the connection process, which can show which site the user is visiting. To fix this, Encrypted SNI (ESNI) and the newer Encrypted ClientHello (ECH) ECH - Encrypted Client Hello were created to encrypt this information during the connection.