Get Client Hello from Wireshark

Question

I need to get the Client Hello Cipher Suite for a website. The website is https://stripe.com/ When I start Wire-shark I start capturing and wait about 15 seconds then stop it and filter the data to

ip.src == 54.187.119.242

IP address changes every minute, need to ping stripe.com in cmd

I get a Server Hello, but not a Client Hello. Am I not supposed to be getting the Client Hello? Here is the server Hello:

Do I need to wait more, or do something, or does it not show the Client Hello at all. Have not really used Wire Shark that much, so newbie question.

Answer 1

If you want bi-directional traffic, you need to either specify ip.addr == 54.187.119.242, or filter on IP pairs, e.g.:

(ip.src == 54.187.119.242 && ip.dst == X.X.X.X) || (ip.src == X.X.X.X && ip.dst == 54.187.119.242)