SharpPcap/Wireshark Capture Filter for facebook.com

Sorry for my English.

I want to sniff the http packet from only facebook.com with SharpPcap on C#. Facebook is using multi ip. Facebook ip is changing everything. How to setup capture filter for facebook (SharpPcap capture filters is like Wireshark capture filters开发者_JAVA百科) ?

Note: "host facebook.com" is not work because I get tcp packet. There is no domain name in tcp packet.

If you want to sniff the login, then you have a problem anyway, because that is encrypted. (Actually almost everything on FB is encrypted now).

However, this might be your clue - to look for encrypted traffic (ESP, if i'm not mistaken)

When I last implemented a facebook chat capture the data was transferred in regular http requests.

The rough technique was to look at all tcp connections that were created or in use, identify the ones with http sessions and look at those sessions for characteristic facebook chat information. Once they were identified the next steps were to track and follow the conversation and identify the usernames from the id numbers that facebook used internally.

It was a bit of a process but it appeared to work reliably. It does rely on the chats being plain text however, which I'm not sure that they haven't changed in the year since I implemented the capture app.