wireshark + windows TCP viewer

wireshark + [linux netstat]

How to Decrypt SSL with Wireshark

monitor mode

# CaptureFilters


capture network: You can run Get-NetAdapter -IncludeHidden in Windows PowerShell and match up the Name property. The InterfaceDescription property is what will be displayed in the Device Manager.

# DisplayFilters

https://wiki.wireshark.org/DisplayFilters

https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/


http contains "searchText"

ip.addr == and not tcp.port in {80 25}

not ssh and ip.addr ==