
Wireshark – HTTP filter not working on macOS

I have Wireshark 2.4.6 installed on macOS High Sierra. For some reason, Wireshark is not capturing any HTTP traffic across my machine. I have explicitly opened multiple webpages on a browser and filtered for HTTP traffic, but I am not able to see any HTTP packets.

I have an Ubuntu virtual machine on my computer. When I booted that and opened webpages on it, I was able to see the corresponding HTTP traffic on Wireshark (which runs on my host macOS itself).

Why can I not see HTTP traffic for websites I open on macOS browsers? Does macOS treat HTTP differently somehow (if that is even possible)?

Make sure that you are accessing websites bound with HTTP and not HTTPS.

The reason behind this is that HTTPS is 'HTTP secure', which ensures secure communication over a network, and hence it undergoes encryption and decryption end-to-end, so Wireshark won't be able to capture them. Instead, you can search for TLS/SSL in the search bar and voila! You will be able to see them, since HTTPS is secured with either SSL or TLS. And yes, the next question that might confuse you is: why is Wireshark able to capture packets when I run an 'HTTPS' site on a virtual machine? It's because of OCSP (Online Certificate Status Protocol). (I'm very much sure that when you were able to capture HTTPS packets when browsing on a virtual machine, you would have observed OCSP too.) So, over here, OCSP tells you that X.509 certificates (used in both SSL and TLS) have been revoked since they were compromised, so, putting it in simple terms, data has been decrypted and the certificates have been compromised.

PS: I tried the above in a Kali virtual machine, but I do think it's the same for Ubuntu.
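
An added example, not part of the original question or answer: a small Python classifier showing what the `http` display filter keys on (a readable request or status line) versus what an HTTPS connection puts on the wire (TLS records), and that OCSP travels as plaintext HTTP. The function names, hosts and sample bytes are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")


def classify_payload(payload: bytes):
    """Return (kind, display_filter, detail) for the start of a TCP payload."""
    if payload.startswith(HTTP_STARTS):
        first_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        # OCSP is carried over plaintext HTTP and identified by its media type
        # (application/ocsp-request or application/ocsp-response).
        if b"application/ocsp-re" in payload.lower():
            return ("ocsp-over-http", "http or ocsp", first_line)
        return ("http", "http", first_line)
    if len(payload) >= 5:
        # TLS record header: content type (1 byte), version (2), length (2).
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if ctype in TLS_TYPES and major == 3 and minor <= 4 and length <= 2**14 + 2048:
            # The dissector is named "ssl" in Wireshark 2.x and "tls" from 3.0 on.
            return ("tls", "ssl (2.x) / tls (3.0+)", f"{TLS_TYPES[ctype]}, {length} bytes")
    return ("unknown", "tcp", "")


# Constructed sample payloads (hosts and bytes are made up for illustration).
SAMPLES = {
    "plain HTTP page": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "OCSP request": b"POST / HTTP/1.1\r\nHost: ocsp.example.net\r\n"
                    b"Content-Type: application/ocsp-request\r\n\r\n",
    "HTTPS ClientHello": bytes.fromhex("1603010200") + b"\x01\x00\x01\xfc",
    "HTTPS app data": bytes.fromhex("1703030020") + bytes(32),
}


def report():
    """Classify every constructed sample."""
    return {name: classify_payload(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (kind, flt, detail) in report().items():
        print(f"{name:18} {kind:15} filter={flt:24} {detail}")
```

Only the first two samples would appear under the `http` display filter; the TLS records appear under `ssl` in Wireshark 2.4.6.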
