I am running wireshark as root and listening to my network card interface ‘enp37s0’ and filtering using http.
I’ve opened my browser and cleared all the cache. When I browse a website, I don’t see any HTTP traffic getting captured?
Hi
The protocol is tcp… look at the port filters
tcp.port == 443 || tcp.port == 80
Hi thanks for your reply, so I just discovered the traffic is https and not http and I need a way to decrypt it.
So looks like I need to set the location of the sslkey:
export SSLKEYLOGFILE="/tmp/sslkey"
However I have a problem, if I try to run wireshark from terminal as user, I cannot see all the Interfaces.
If I try to run wireshark from the terminal as root, I am getting QT errors?
$ sudo wireshark
[sudo] password for root:
** (wireshark:16220) 20:12:00.092524 [GUI CRITICAL] – This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.
Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.
Any idea how to fix this? I installed wireshark using yast2.
Looks like I just needed to add myself to the ‘wireshark’ group.
What I forgot to do was logout and login again for this to work correctly.
I found the following video on how to decrypt HTTPS traffic helpful in case someone else lands here.
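A quick way to confirm that the SSLKEYLOGFILE set above is actually being written and is usable, as an added example that is not part of the original thread. The function names are hypothetical, and it assumes the browser writes the NSS key log format; it also warns when the file is readable by other users, since it holds the session secrets for every logged connection.

```sh
#!/bin/sh
# Added example: sanity-check a TLS key log file before loading it in Wireshark.
# Function names are hypothetical; the line format assumed is the NSS key log
# format: "<LABEL> <64 hex client random> <hex secret>".

# Print "<valid> <malformed>" entry counts for the key log file in $1.
keylog_count() {
    awk '
        /^#/ || NF == 0 { next }    # skip comments and blank lines
        NF == 3 &&
        $1 ~ /^(CLIENT_RANDOM|CLIENT_EARLY_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_TRAFFIC_SECRET_0|SERVER_TRAFFIC_SECRET_0|EARLY_EXPORTER_SECRET|EXPORTER_SECRET)$/ &&
        $2 ~ /^[0-9A-Fa-f]+$/ && length($2) == 64 &&
        $3 ~ /^[0-9A-Fa-f]+$/ && length($3) % 2 == 0 { ok++; next }
        { bad++ }                   # truncated or unrecognised line
        END { printf "%d %d\n", ok, bad }
    ' "$1"
}

# Succeed only if neither group nor others can read the file in $1.
keylog_is_private() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Report on the key log file in $1; fail if it is empty or has no valid entry.
check_keylog() {
    f=$1
    [ -s "$f" ] || { echo "empty or missing: $f (start the browser with SSLKEYLOGFILE exported)"; return 1; }
    keylog_is_private "$f" || echo "warning: $f is readable by group/others; chmod 600 it"
    set -- $(keylog_count "$f")
    echo "valid=$1 malformed=$2"
    [ "$1" -gt 0 ]
}

# Constructed sample (all-zero values, not real secrets): one TLS 1.2 entry,
# one TLS 1.3 entry, and one truncated line such as an interrupted write leaves.
write_sample() {
    {
        echo '# constructed sample'
        printf 'CLIENT_RANDOM %064d %096d\n' 0 0
        printf 'CLIENT_TRAFFIC_SECRET_0 %064d %064d\n' 0 0
        printf 'CLIENT_RANDOM %032d\n' 0
    } > "$1"
}

# Usage: pass the key log path, e.g. the /tmp/sslkey from the post above.
if [ "$#" -gt 0 ]; then check_keylog "$1"; fi
```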
Try
kdesu wireshark
Yes, this is exactly what you have to do when using recent Wireshark versions – it used to ask for the password of the user “root” – I recall that, there was a hint when first starting Wireshark and, the actual Wireshark documentation describing this setup is quite difficult to find –
Well documented here…
https://wiki.archlinux.org/title/wireshark