How can I filter https when monitoring traffic with Wireshark?
Solution 1:
tcp.port==443 in the filter window (mac)
Solution 2:
As 3molo says. If you're intercepting the traffic, then port 443 is the filter you need. If you have the site's private key, you can also decrypt that SSL . (needs an SSL-enabled version/build of Wireshark.)
See http://wiki.wireshark.org/SSL
Solution 3:
"port 443" in capture filters. See http://wiki.wireshark.org/CaptureFilters
It will be encrypted data though.
Solution 4:
Filter tcp.port==443 and then use the (Pre)-Master-Secret obtained from a web browser to decrypt the traffic.
Some helpful links:
https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites/42350#42350
https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/
"Since SVN revision 36876, it is also possible to decrypt traffic when you do not possess the server key but have access to the pre-master secret... In short, it should be possible to log the pre-master secret to a file with a current version of Firefox, Chromium or Chrome by setting an environment variable (SSLKEYLOGFILE=). Current versions of QT (both 4 and 5) allow to export the pre-master secret as well, but to the fixed path /tmp/qt-ssl-keys and they require a compile time option: For Java programs, pre-master secrets can be extracted from the SSL debug log, or output directly in the format Wireshark requires via this agent." (jSSLKeyLog)
Solution 5:
You can use the "tls" filter:
TLS stands for Transport Layer Security, which is the successor to the SSL protocol. If you're trying to inspect an HTTPS request, this filter may be what you're looking for.