How do I view HTTPS in Wireshark?
If you use HTTPS for secure transport, you can see this in your Wireshark capture. Click View -> Details to see the TLS/SSL details. Wireshark captures the plaintext (plain TCP) traffic, as well as any encrypted and/or authenticated traffic such as SSL or TLS, like any other packet capture tool.
How do I turn on or off encryption?
While it's not possible to view SSL sessions without enabling encryption (with TLS 1.0 and later) in Wireshark, there is a way to toggle or force the protocol onto the wire.
Bypass any encryption of the current session with SSL: (This can be enabled during SSL connection setup or dynamically if you start and stop an SSL connection.) The Disable Client-Side Compression checkbox will disable the Client-Side Compression (CCS) extension, thereby forcing data across the connection to be sent in plaintext as opposed to its compressed form. This can impact performance on the network, but it will help ensure that the captured packets are in their original format. For example, if you're analyzing HTTP POSTs to a server which has an option to compress or not compress HTTP/1.1 data, then you can disable the compression in order to see how much data is sent on a single TCP flow.
The Enable Explicit TLS Renegotiation checkbox should force TLS renegotiation after each data payload and ensure that the next payload is sent with a clean slate, rather than a fresh resumption of the connection. The following example shows using Disable Client-Side Compression and Explicit TLS Renegotiation when you're capturing HTTPS traffic. It's important to note that you can't enable TLS renegotiation and disable compression at the same time. In other words, enabling this option means that Wireshark will start negotiating TLS renegotiation. It will keep the option active until the connection terminates. Therefore, you shouldn't just enable this option; you should wait until the connection is terminated, or turn the option off again.
How do I view SSH or FTP traffic?
There are different ways to view such traffic in Wireshark.