I need to capture the traffic from my Win7 machine where I just installed WireShark v3 to HTTPS web sites hosted at small office network with AT&T Fiber Ethernet. What would the command, the capture filter or script or menu options or a reference to an online example? I need to basically say:
Start Capturing and Log from SRC IP the HTTPS connection to host IP XYZ. Filter all other network traffic.
I need to do this for three sites on my network.
Reason:
In the past month, AT&T has begun degrading, intentionally or intentionally, the HTTPS channel causing packet disruptions, timeouts and resets with the browser. HTTP traffic has no problem. It appears AT&T has taken the two main domains I cited for as examples showing the problem, secure.winserver.com and secure.santronics.com and 'white listed" them to improve the HTTPS performance. There are still some delays but packets do not timeout and reset. However, all other hosted domains on HTTPS are being disrupted and degraded. With escalated support, AT&T has asked that I get a WireShark capture to illustrate the problem.
Why could this be happen with only HTTPS and not HTTP?
I am speculating the following:
AT&T is performing packet security analysis and DPI (Deep Packet Inspection) in their main network/data center. All packets are routed there. Of recent, this DPI, Monitoring activity has been impacting our HTTPS channel communications. HTTP packets travel this same route but the unsecured, unencrypted packets are not causing a slow down. HTTPS appears to be an new overhead problem with AT&T customers with recent Fiber Broadband network changes.
