Hector Santos's profile - activity

2021-06-25 08:45:43 +0000 received badge Famous Question
2021-06-25 08:45:43 +0000 received badge Notable Question
2019-10-22 12:38:28 +0000 received badge Popular Question
2019-08-07 04:03:34 +0000 edited question How to capture HTTPS traffic to specific domain?

How to capture HTTPS traffic to specific domain? I need to capture the traffic from my Win7 machine where I just install

2019-08-06 19:58:45 +0000 commented answer How to capture HTTPS traffic to specific domain?

I agree. However, with stronger ciphers, TLS 1.2/1.3 and the "Encrypt Always and Everything" industry direction, there

2019-08-06 18:59:39 +0000 marked best answer How to capture HTTPS traffic to specific domain?

I need to capture the traffic from my Win7 machine, where I just installed Wireshark v3, to HTTPS web sites hosted at a small office network with AT&T Fiber Ethernet. What would the command be to capture filter or script or menu options or a reference to an online example? I need to basically say:

Start Capturing and Log from SRC IP the HTTPS connection to host IP XYZ. Filter all other network traffic.

I need to do this for three sites on my network.

Reason:

In the past month, AT&T has begun degrading, intentionally or unintentionally, the HTTPS channel, causing packet disruptions, timeouts and resets with the browser. HTTP traffic has no problem. It appears AT&T has taken the two main domains I cited as examples showing the problem, secure.winserver.com and secure.santronics.com, and "white listed" them to improve the HTTPS performance. While there are still some delays, the packets do not time out and reset. However, all other hosted domains on HTTPS are being disrupted and degraded. With escalated support, AT&T has asked that I get a Wireshark capture to illustrate the problem.

What could the reasons be for this to happen with only HTTPS and not HTTP?

I am speculating the following:

AT&T is performing packet security analysis and DPI (Deep Packet Inspection) in their main network/data center. All packets are routed there. Of late, this DPI monitoring activity has been impacting our HTTPS channel communications. HTTP packets travel this same route but the unsecured, unencrypted packets are not causing a slowdown. HTTPS appears to be a new overhead problem with AT&T customers with recent Fiber Broadband network changes.

2019-08-06 18:59:39 +0000 received badge Scholar
2019-08-06 18:58:55 +0000 commented answer How to capture HTTPS traffic to specific domain?

Ok, thank you, exploring this now. My interface was 6. I have a batch file prepared where I can pass the IP: dumpcap -

2019-08-06 17:30:57 +0000 edited question How to capture HTTPS traffic to specific domain?

2019-08-06 17:30:16 +0000 edited question How to capture HTTPS traffic to specific domain?

2019-08-06 17:29:52 +0000 received badge Editor
2019-08-06 17:29:52 +0000 edited question How to capture HTTPS traffic to specific domain?

2019-08-06 17:27:57 +0000 asked a question How to capture HTTPS traffic to specific domain?
