Wireshark not capturing HTTPS packets?

https wireshark packet-capture
Uzair Farooq picture Uzair Farooq · Aug 7, 2012 · Viewed 18.6k times · Source

Wireshark is not capturing https packets. I've tried filtering them by portmap.port == 443 but no https packet is shown, however, http packets are captured fine.

Any suggestions?

Answer

user862787 picture user862787 · Aug 8, 2012

portmap refers to the ONC RPC portmapper protocol. That's only used for ONC RPC protocols such as NFS, YP, and the portmapper/rpcbind protocol itself.

HTTP, and HTTP-over-SSL/TLS, i.e. "https", do not use ONC RPC and, in particular, don't use the portmapper. They run atop TCP, so you'd want a display filter such as tcp.port == 443. (If you want a capture filter, so the only traffic you capture is traffic to or from port 443, port 443 would be the equivalent capture filter.)

Related questions

How can I configure Wireshark to see HTTPS traffic?

I'm testing an iOS application and I just want to see when HTTPS traffic is sent. I'm not interested in the contents of the traffic. How can I configure Wireshark to do this? This is just to verify that an …

Read More
Sniff POST variables through HTTPS

I am trying to reverse engineer a script so I can submit a form using Mechanize. The form is using some weird Javascript form upload script that I just can't seem to understand. So I was thinking I would sniff …

Read More
Decrypting HTTPS traffic in Wireshark not working

I'm running Wireshark 1.8.6 on Windows Server 2008 R2 and attempting to decrypt incoming HTTPS communication in order to debug an issue I'm seeing. I have my RSA Keys list set up correctly (I think) but Wireshark will not decrypt the SSL …

Read More