The homebrew package wireshark installs the command line util tshark. If you want to enable the GUI, then install wireshark like this: brew install wireshark -with-qt If you already have Wireshark installed, do. To support my open-source work, consider adding me on Patreon. MacOS 10.15 Catalina Mostly-Automated Setup. An easy to refer to document for regularly setting up macOS 10.15 Catalina. The topic of recipe-based frequent fresh reinstalls of macOS is a controversial issue. Support Wireshark installed from Homebrew or other cases where unprivileged access to macOS packet capture devices is desired without installing the binary distribution of Wireshark. $ brew options wireshark Shows you options for wireshark, which lists -with-qt5. QT is the GUI toolkit that Wireshark uses since 1.10. Thus, install wireshark using the following command: $ brew install wireshark -with-qt5 Or if you already have wireshark previosly: $ brew reinstall wireshark -with-qt5. Wireshark questions and answers. ASK YOUR QUESTION. SharkFest ’21 Virtual Europe will be held June 14-18, 2021 and Sharkfest ’21 Virtual US will be held September 13-17, 2021. Meanwhile, don’t forget that you can always find great content still available from past conferences at the Sharkfest US, Sharkfest Europe, and Sharkfest Asia Retrospective pages too!

It can be difficult to trace network traffic from a Node.js application.Typically, folks will just instrument some logging to check that everything isworking as it is supposed to. Unfortunately, sometimes there are too manyabstractions or possible race conditions to accurately get a good trace. To getthe most objective possible trace of network traffic Wireshark can be used.

Wireshark is a network protocol analyzer that makes it extremely simple tocapture and trace network activity from any source on your computer. It also hastools built in to decrypt traffic like that of HTTPS (TLS / SSL).

Setup

In the case of capturing HTTPS (TLS / SSL) traffic, there is some setup beforecapturing traffic. If all you need is to capture unencrypted HTTP, then skip tothe Wireshark installation, since Wireshark can do so out-of-the-box.

SSL key logging for HTTPS (TLS / SSL) decryption

If you'd like to decrypt HTTPS (TLS / SSL) you will need to set a path via anenvironmental variable to collect SSL keys for use in Wireshark. This sameenvironmental variable works for most browsers and some other applications aswell.

Set the path and file name to whatever you would like.

Node.js SSL key logging

Node.js v12.3.0 introduced a keylog API to store SSL keys, but it can beunwieldy to setup and integrate with existing libraries. It also does not workwith the SSLKEYLOGFILE environmental variable. Luckily, there is a simple wayto set up using an npm module: sslkeylog. sslkeylog sets up global hooksinto the https module to capture any SSL keys used which makes it therecommended way of capturing SSL keys. sslkeylog can be installed with npmlike below:

Once sslkeylog is installed, import it and active its hooks before making anyHTTP(S) calls. For example:

If you use TypeScript, you may need to include a declaration file like below:

Once capturing traffic is complete, you can remove all the code related to SSLkey logging.

Wireshark

First things first, you must install Wireshark program. On macOS you can usebrew to not only install the CLI, but the UI app as well:

Brew Wireshark Permission Denied

For Wireshark to be able to decrypt HTTPS (TLS / SSL) traffic it needs to readthe SSL Key log generated by Node.js or other applications. To configure thisfor Wireshark, open up the application and then open the preferences forWireshark. Once the preferences are open, open the 'Protocols' dropdown in theleft sidebar menu listing and scroll down to 'TLS', then click on it. On olderversions of Wireshark, look for 'SSL' instead of 'TLS'. Once the settings for'TLS' (or 'SSL' for older versions) is open, look for the '(Pre)-Master-Secretlog filename' setting and set the path to the same one that was configured abovevia the SSLKEYLOGFILE environmental variable. You might need to create anempty file at the path given.

Capturing traffic

Now that you are all setup, you can begin capturing traffic. Open up Wiresharkand select the capture interface, which for macOS is usually en0 (Wi-Fi).

Once capturing has begun you should start to see logs of all sorts of trafficto be listed, unless you are not connected to the internet.

This traffic can be overwhelming and mostly unrelated to Node.js or theapplication you are trying to inspect. This where filters come in handy.

For example, to filter requests on a domain:

Brew Install Wireshark

Or to filter on a certain IP address:

Filters can also be combined with conditional operators && and ||.

Once capturing has begun, you can start your app up as normal and try to causenetwork activity that is in need of being traced.

Hopefully, with a combination with the filters you will be able to find theexact requests and responses you are looking for. If you find either a requestor a response you can right click on a line item and select 'Follow > HTTPStream' to see the both of the request and response.

Osx Wireshark Brew

Additionally, you can save any traffic captured for later use or to send topeers for inspection.