unable to see http traffic using wireshark

I am running wireshark as root and listening to my network card interface ‘enp37s0’ and filtering using http.

I’ve opened my browser and cleared all the cache. When I browse a website, I don’t see any HTTP traffic getting captured?

Hi
The protocol is tcp… look at the port filters


tcp.port == 443 || tcp.port == 80

Hi thanks for your reply, so I just discovered the traffic is https and not http and I need a way to decrypt it.

So looks like I need to set the location of the sslkey:

export SSLKEYLOGFILE="/tmp/sslkey"

However I have a problem, if I try to run wireshark from terminal as user, I cannot see all the Interfaces.

If I try to run wireshark from the terminal as root, I am getting QT errors?

$ sudo wireshark
[sudo] password for root:
** (wireshark:16220) 20:12:00.092524 [GUI CRITICAL] – This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.

Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.

Any idea how to fix this? I installed wireshark using yast2.

Looks like I just needed to add myself to the ‘wireshark’ group.

What I forgot to do was log out and log in again for this to work correctly.

I found the following video on how to decrypt HTTPS traffic helpful in case someone else lands here.

https://www.youtube.com/watch?v=COPAWzlqhi8

Try

kdesu wireshark

Yes, this is exactly what you have to do when using recent Wireshark versions – it used to ask for the password of the user “root” – I recall that, there was a hint when first starting Wireshark and, the actual Wireshark documentation describing this setup is quite difficult to find –

Well documented here…
https://wiki.archlinux.org/title/wireshark
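
Added example, not written by anyone in this thread: a check for the key log file that the `export SSLKEYLOGFILE="/tmp/sslkey"` step above produces, to run before loading it in Wireshark. It assumes the NSS key log line format (`LABEL client_random secret`); the function name `check_keylog` is made up for this example.

```bash
#!/bin/sh
# Added example: sanity-check a TLS key log (NSS key log format) before loading it in Wireshark.
# Prints: tls12=<lines> tls13=<lines> other=<lines> perms=<private|exposed>
# Returns 0 if usable secrets were found, 1 if none, 2 if the file cannot be read.
check_keylog() {
    kl_file=$1
    [ -f "$kl_file" ] && [ -r "$kl_file" ] || { echo "unreadable"; return 2; }

    # The file holds session secrets: anyone who can read it and has the capture
    # can decrypt the traffic, so flag any group/other permission bit.
    if [ "$(ls -ldL -- "$kl_file" | cut -c5-10)" = "------" ]; then
        kl_perms=private
    else
        kl_perms=exposed
    fi

    kl_counts=$(awk '
        function hex(s, n) { return length(s) == n && s ~ /^[0-9a-fA-F]+$/ }
        /^#/ || NF == 0 { next }    # comments and blank lines
        # TLS 1.2: 32-byte client random, 48-byte master secret
        NF == 3 && $1 == "CLIENT_RANDOM" && hex($2, 64) && hex($3, 96) { t12++; next }
        # TLS 1.3: per-stage secrets, 32 bytes (SHA-256) or 48 bytes (SHA-384)
        NF == 3 && $1 ~ /^(CLIENT_EARLY_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_TRAFFIC_SECRET_0|SERVER_TRAFFIC_SECRET_0|EXPORTER_SECRET)$/ &&
            hex($2, 64) && (hex($3, 64) || hex($3, 96)) { t13++; next }
        { other++ }                 # truncated, unknown or corrupt lines
        END { printf "tls12=%d tls13=%d other=%d", t12, t13, other }
    ' "$kl_file")

    echo "$kl_counts perms=$kl_perms"
    case $kl_counts in
        "tls12=0 tls13=0 "*) return 1 ;;   # nothing Wireshark could use
    esac
    return 0
}

# Stand-alone use: sh check_keylog.sh /tmp/sslkey
if [ $# -gt 0 ]; then check_keylog "$1"; fi
```

An empty result usually means the browser was not started from the shell where the variable was exported. Once the file has entries, its path goes into Wireshark under Preferences, Protocols, TLS, "(Pre)-Master-Secret log filename".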