0

I am new to networking and Wireshark in general, but there's one thing I'm really stuck on.

I opened Wireshark, started sniffing, then I went to different websites using both HTTP and HTTPS. I stopped the sniffing and tried to filter on "http" and "https" (different tries), but it shows nothing. In the Protocol column I see only TCP, UDP, DNS, TLSv1, etc., but no HTTP and no HTTPS. What may cause this? Thanks

Corali
  • Welcome to Stack Overflow! Can you edit (button at the bottom of your question) your question to include the websites you went to? Which browser did you access them with? It may also help if you included a link to the packet capture of this traffic. – Ross Jacobs Apr 18 '20 at 17:21

2 Answers

3

Wireshark cannot see application data because it is encrypted with TLS. That's why Wireshark uses TLS and the TLS version in the Protocol column instead of HTTPS.

Almost all big websites are using HTTPS today. When you try to use HTTP, the connection will be redirected to HTTPS. There are different redirection methods, and it is possible that Wireshark cannot get enough data to know whether the communication is HTTP or not. That's why you can see TCP in the Protocol column instead of HTTP.

So you can filter packets by TCP port:

tcp.port == 80 or tcp.port == 443

GuBo
  • "When you try to use HTTP the connection will be redirected to HTTPS." => This depends on whether the client requests it and whether the server supports it. If the server is not set up this way, this will not happen. – Ross Jacobs Apr 19 '20 at 18:42
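
An added illustration (not part of the answer above, and not Wireshark's own dissector code) of why an encrypted session is labelled TLSv1 rather than HTTP: a simplified Python classifier that looks only at the first bytes of a TCP payload. The function names and sample payloads are constructed for this example.

```python
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")
TLS_CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
# Simplification: label by the record-layer version field only.
TLS_VERSIONS = {0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for an encrypted TLS record body


def classify_payload(payload: bytes) -> str:
    """Return a Protocol-column style label for one TCP segment payload."""
    if not payload:
        return "TCP"  # SYN/ACK/FIN segments carry no application bytes
    if payload.startswith(HTTP_STARTS):
        return "HTTP"  # plaintext request or status line is directly visible
    if len(payload) >= 5:
        ctype, version, length = struct.unpack("!BHH", payload[:5])
        if ctype in TLS_CONTENT_TYPES and version in TLS_VERSIONS and length <= MAX_RECORD_LEN:
            return TLS_VERSIONS[version]
    return "TCP"  # nothing recognisable, so only the transport layer is named


def describe(payload: bytes) -> str:
    """Summarise what an observer without the session keys can read."""
    label = classify_payload(payload)
    if label == "HTTP":
        first_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return "HTTP " + first_line
    if label.startswith("TLS"):
        ctype, _, length = struct.unpack("!BHH", payload[:5])
        return f"{label} {TLS_CONTENT_TYPES[ctype]} record, {length} bytes (contents not readable)"
    return "TCP segment, no recognisable application data"


# Constructed sample payloads (not taken from a real capture).
HTTP_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
TLS_SAMPLE = bytes([23]) + struct.pack("!HH", 0x0301, 32) + bytes(32)  # 32 opaque bytes
EMPTY_SAMPLE = b""

if __name__ == "__main__":
    for name, data in (("port 80", HTTP_SAMPLE), ("port 443", TLS_SAMPLE), ("handshake ACK", EMPTY_SAMPLE)):
        print(f"{name:14} -> {describe(data)}")
```

The HTTP request inside the TLS record is the same kind of text as `HTTP_SAMPLE`, but on the wire only the 5-byte record header is in the clear, so the label stops at the TLS layer.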
1

You can easily filter the HTTP traffic with the help of Wireshark.

Refer to: How many http and https connections established in wireshark?

You can even get additional information, like source IP, destination IP, flags, etc., from the hex format. Refer to the link: How to obtain the source IP from a Wireshark dump of an HTTP GET request

Prasad 14723312