Wireshark-users: Re: [Wireshark-users] dissecting HTTPS traffic
From: Patrick Klos <[email protected]>
Date: Fri, 9 Oct 2015 19:26:31 -0400
On 10/9/2015 7:12 PM, Noam Birnbaum wrote:
> Hey folks,
>
> One of our clients has recently been having their WAN bandwidth eaten up, and we've narrowed it down to one executive's computer.
>
> Now we want to dissect that computer's traffic to see what it's doing. However, much of it is HTTPS, so we can't see the content. Any suggestions on getting a useful analysis?
>
> Thanks!

I would start by analyzing the locations of the IP addresses that the connections are going to.  Have you run a virus scan on the computer in question?

Patrick
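
An added example, not part of the original thread: even with HTTPS payloads unreadable, packet sizes and endpoints are still visible, so the suspect host's traffic can be ranked by remote address before looking up where those addresses are. The host address, the sample rows and the function name `top_talkers` are constructed for illustration; the input shape assumes a tab-separated tshark field export.

```python
from collections import defaultdict

# Constructed sample rows (documentation address ranges, not real traffic),
# in the tab-separated shape produced by:
#   tshark -r capture.pcap -T fields -e ip.src -e ip.dst \
#          -e tcp.srcport -e tcp.dstport -e frame.len
SAMPLE = (
    "192.0.2.10\t198.51.100.7\t50123\t443\t1514\n"
    "198.51.100.7\t192.0.2.10\t443\t50123\t66\n"
    "192.0.2.10\t198.51.100.7\t50123\t443\t1514\n"
    "192.0.2.10\t203.0.113.20\t50200\t443\t300\n"
    "203.0.113.20\t192.0.2.10\t443\t50200\t1514\n"
    "192.0.2.10\t203.0.113.20\t50200\t443\t\n"   # empty length field: skipped
    "not-a-row\n"                                 # malformed line: skipped
    "192.0.2.99\t203.0.113.20\t40000\t443\t900\n" # other host: ignored
)


def top_talkers(rows, host):
    """Rank remote endpoints of `host` by total bytes.

    Returns a list of (remote_ip, remote_port, bytes_out, bytes_in),
    largest total first. Direction is kept separate because sustained
    upload to one address reads very differently from download.
    """
    totals = defaultdict(lambda: [0, 0])  # (ip, port) -> [out, in]
    for line in rows.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue
        src, dst, sport, dport, length = parts
        if not length.isdigit():
            continue
        if src == host:
            totals[(dst, dport)][0] += int(length)
        elif dst == host:
            totals[(src, sport)][1] += int(length)
    ranked = sorted(totals.items(), key=lambda kv: sum(kv[1]), reverse=True)
    return [(ip, port, out, inn) for (ip, port), (out, inn) in ranked]


if __name__ == "__main__":
    for ip, port, out, inn in top_talkers(SAMPLE, "192.0.2.10"):
        print(f"{ip}:{port}  sent={out}  received={inn}")
```

The addresses at the top of this ranking are the ones worth running through whois or a geolocation lookup first.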