I'm using Wireshark on OSX, but I can't make any sense out of the filtering system.
I have this filter set up:
But when I hit that server, I don't see anything show up in the capture log. If I remove the filter, I see all sorts of network traffic. The network request I am doing is to https://lowdown.secure.omnis.com from an iOS application in the iOS simulator. The service receives the request, and I get a response. But I don't know how to filter these out of all the noise in Wireshark.
Best Answer
You can filter on an HTTP host on multiple levels. At the application layer, you can specify a display filter for the HTTP Host header:
At the transport layer, you can specify a port using this display filter:
At the network layer, you can limit the results to an IP address using this display filter:
These display filters can also be combined:
Finally, you can set a capture filter, which controls the data that gets saved to a capture file. Capture filters must be set before capturing; you can open a dialog for this by double-clicking the interface name when no capture is active. This one causes a lookup of example.com and returns IP packets matching that host:
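Added example (not part of the original answer, and not the filter its last sentence refers to): a Python helper that derives the per-layer filters described above for one URL, using the question's https://lowdown.secure.omnis.com. For HTTPS the Host header is encrypted on the wire, so the application-layer match uses the TLS SNI field instead; the function name `filters_for` and the sample IP addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def filters_for(url, resolved_ips=()):
    """Return Wireshark filters for one URL (hypothetical helper, added example)."""
    parts = urlsplit(url)
    host, scheme = parts.hostname, parts.scheme
    if scheme not in DEFAULT_PORTS or not host or not re.fullmatch(r"[a-z0-9.-]+", host):
        raise ValueError(f"unsupported URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[scheme]

    if scheme == "https":
        # HTTP headers are encrypted; the server name is visible only in the
        # ClientHello SNI extension (field prefix is ssl. before Wireshark 3.0).
        app = f'tls.handshake.extensions_server_name == "{host}"'
    else:
        # The Host header carries the port when it is not the scheme default.
        header = host if port == DEFAULT_PORTS[scheme] else f"{host}:{port}"
        app = f'http.host == "{header}"'

    transport = f"tcp.port == {port}"
    network = " || ".join(
        ("ipv6" if ":" in ip else "ip") + f".addr == {ip}" for ip in resolved_ips
    )
    # The application filter matches only the packet carrying the name, so the
    # whole conversation is selected by address and port instead.
    conversation = f"({network}) && {transport}" if network else transport
    return {
        "application": app,
        "transport": transport,
        "network": network,
        "conversation": conversation,
        # Capture filter (BPF syntax): the name is resolved when capture starts.
        "capture": f"host {host} and tcp port {port}",
    }

if __name__ == "__main__":
    # Constructed documentation-range addresses, not the real server's.
    sample = filters_for("https://lowdown.secure.omnis.com",
                         ["192.0.2.10", "2001:db8::10"])
    for layer, expr in sample.items():
        print(f"{layer:13} {expr}")
```

The `application`, `transport`, `network` and `conversation` values are display filters; the `capture` value goes in the capture-filter dialog before the capture starts.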