As 3molo says. If you're intercepting the traffic, then port 443 is the filter you need. If you have the site's private key, you can also decrypt that SSL . (needs an SSL-enabled version/build of Wireshark.)
TLS stands for Transport Layer Security, which is the successor to the SSL protocol. If you're trying to inspect an HTTPS request, this filter may be what you're looking for.
"Since SVN revision 36876, it is also possible to decrypt traffic when you do not possess the server key but have access to the pre-master secret... In short, it should be possible to log the pre-master secret to a file with a current version of Firefox, Chromium or Chrome by setting an environment variable (SSLKEYLOGFILE=). Current versions of QT (both 4 and 5) allow to export the pre-master secret as well, but to the fixed path /tmp/qt-ssl-keys and they require a compile time option: For Java programs, pre-master secrets can be extracted from the SSL debug log, or output directly in the format Wireshark requires via this agent." (jSSLKeyLog)
Answering because I was looking for something similar.
When you use tcp.port, it only seems to show half the conversation. To show where 443 is either source or destination: tcp.srcport == 443 || tcp.dstport == 443
tcp.port==443 in the filter window (mac)
As 3molo says. If you're intercepting the traffic, then
port 443is the filter you need. If you have the site's private key, you can also decrypt that SSL . (needs an SSL-enabled version/build of Wireshark.)See http://wiki.wireshark.org/SSL
"port 443" in capture filters. See http://wiki.wireshark.org/CaptureFilters
It will be encrypted data though.
You can use the "tls" filter:
TLS stands for Transport Layer Security, which is the successor to the SSL protocol. If you're trying to inspect an HTTPS request, this filter may be what you're looking for.
Filter
tcp.port==443and then use the (Pre)-Master-Secret obtained from a web browser to decrypt the traffic.Some helpful links:
https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites/42350#42350
https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/
"Since SVN revision 36876, it is also possible to decrypt traffic when you do not possess the server key but have access to the pre-master secret... In short, it should be possible to log the pre-master secret to a file with a current version of Firefox, Chromium or Chrome by setting an environment variable (SSLKEYLOGFILE=). Current versions of QT (both 4 and 5) allow to export the pre-master secret as well, but to the fixed path /tmp/qt-ssl-keys and they require a compile time option: For Java programs, pre-master secrets can be extracted from the SSL debug log, or output directly in the format Wireshark requires via this agent." (jSSLKeyLog)
Answering because I was looking for something similar.
When you use
tcp.port, it only seems to show half the conversation. To show where 443 is either source or destination:tcp.srcport == 443 || tcp.dstport == 443if you want to see HTTP and HTTPS (encrypted traffic with TLS), this filter helpful
http.request or tls.handshake.type == 1