How to capture HTTPS traffic with wireshark
This tutorial shows how to capture https traffic with wireshark. The appropriate wireshark filter which you need to use to capture https packets are demonstrated.
https uses SSL protocol for communication. All packets in a https based communication uses TCP protocol and the associated port number is 443. The filter to be used is tcp.port==443. This filter would display all https packets. If https packets to and from a specific ip address is needed , then the filter has to be updated appropriately and the ip address information has to be added.
The below screenshot shows a wireshark capture which would filter https packets to and from the ip address 173.201.184.26. Note that 192.168.0.3 is the ip address of the PC on which the capture has been performed.
You can use this filter if you want to analyze communication between a PC and a website.