Wireshark mailing list archives

Re: Capturing https traffic


From: Sake Blok <sake () euronet nl>
Date: Sat, 28 Aug 2010 01:21:05 +0200

On 27 aug 2010, at 22:12, Guy Harris wrote:
> On Aug 27, 2010, at 1:02 PM, Arya wrote:
>
>> I have Wireshark 64 bit installed on Windows 7 and I'm unable to capture https traffic with it.
>
> What happens if you try to capture https traffic - for example, if you capture with a capture filter of "tcp port
> 443"?  Do you see no packets (which means it's not *capturing* https traffic), or do you see packets that Wireshark
> doesn't dissect as https traffic (which means that it might be *capturing* it, it just might not be *recognizing* it
> as https traffic)?  It will only recognize https traffic if it's to or from one of the ports specified in the
> "SSL/TLS Ports" preference for the HTTP dissector; the default setting for that is 443, so only traffic to or from
> port 443 will be recognized as https traffic.

Or do you capture https traffic that is recognized as SSL (which is how it will show in the protocol column), but you
are not able to decrypt it as you can't seem to find the preference to put the private key in? This can be caused by
the fact that only recently the libraries for decrypting SSL traffic have been added to the 64bit version of Wireshark
(try an automated build from http://www.wireshark.org/download/automated/ ).

Cheers,


Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
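
Added example, not part of the original thread: a small Python triage that separates the cases discussed above by checking whether the first TCP payload of a flow starts with an SSL/TLS handshake record, independent of port. The function names, verdict strings and sample flows are constructed for illustration; HTTPS_PORTS mirrors the default "SSL/TLS Ports" value of 443 quoted in the message.

```python
import struct

# Assumption: mirrors the default "SSL/TLS Ports" preference (443) quoted above.
HTTPS_PORTS = {443}

def looks_like_tls(payload: bytes) -> bool:
    """True if the payload begins with a plausible SSL 3.0 / TLS handshake record."""
    if len(payload) < 6:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    if ctype != 22:                      # 22 = handshake record
        return False
    if major != 3 or minor > 3:          # record-layer versions 3.0 .. 3.3
        return False
    if not 0 < length <= 2**14:          # plaintext record size limit
        return False
    return payload[5] in (1, 2)          # ClientHello or ServerHello

def triage(flows):
    """flows: iterable of (src_port, dst_port, first_payload) tuples.
    Returns one verdict string per flow (hypothetical labels)."""
    verdicts = []
    for sport, dport, payload in flows:
        listed = bool({sport, dport} & HTTPS_PORTS)
        tls = looks_like_tls(payload)
        if tls and listed:
            verdicts.append("tls-on-listed-port")      # captured and recognizable
        elif tls:
            verdicts.append("tls-on-unlisted-port")    # captured, port not in preference
        elif listed:
            verdicts.append("listed-port-not-tls")     # port matches, payload does not
        else:
            verdicts.append("other")
    return verdicts

# Constructed sample data: the start of a ClientHello record and a plaintext request.
CLIENT_HELLO = bytes.fromhex("160301002f0100002b0303")
PLAIN_HTTP = b"GET / HTTP/1.1\r\n"

SAMPLE_FLOWS = [
    (49152, 443, CLIENT_HELLO),
    (49153, 8443, CLIENT_HELLO),
    (49154, 443, PLAIN_HTTP),
    (49155, 80, PLAIN_HTTP),
]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, triage(SAMPLE_FLOWS)):
        print(flow[0], "->", flow[1], verdict)
```

An empty flow list corresponds to the "no packets" case (nothing was captured); a "tls-on-unlisted-port" verdict corresponds to traffic that was captured but falls outside the ports listed in the preference.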
