wireshark + windows TCP viewer (opens new window) wireshark + [linux netstat]
How to Decrypt SSL with Wireshark
monitor mode
# CaptureFilters
https://wiki.wireshark.org/CaptureFilters
capture network: You can run Get-NetAdapter -IncludeHidden in Windows PowerShell and match up the Name property. The InterfaceDescription property is what will be displayed in the Device Manager.
# DisplayFilters
https://wiki.wireshark.org/DisplayFilters https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/
protocol
http contains searchText
ip.addr == 192.0.2.1 and not tcp.port in {80 25}
not ssh and ip.addr == 1.1.1.1