1

I have captured a few TLS handshakes, I would like to focus on one tls handshake and the communication thereafter. For example, I connect to www.facebook.com and www.pinterest.com how do I tell wireshark to focus on only packets sent between pinterest and my computer and to ignore any requests my computer has made to facebook and vice versa.

Improve this question
1
  • 2
    Use the filter feature.
    – Ron Maupin
    Commented Apr 3 at 15:12

1 Answer 1

Reset to default
2

If the traffic uses TLS, then you're not going to be able to decrypt it.

But you can still see the (encrypted) traffic by applying the filter:

ip.addr==192.0.2.1

or whatever the address of the site you're interested in is.

If you have cleartext traffic, you can also select analyze/follow/http from the menu to see the http conversation.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.