You may need to see the traffic in the local computer for the IIS sites our SPAS uses and here how to do it.
**Monitor Local HTTPS Traffic (TCP 443) Using Wireshark**
Step 1: Install Npcap
1. Download the latest Npcap installer from:
https://npcap.com/#download
2. Run the installer using default settings.
Loopback traffic support is enabled by default in current versions.
3. After installation, confirm that “Npcap Loopback Adapter” appears in Device Manager under Network Adapters.
**Install Wireshark**
1. Download Wireshark from:
https://www.wireshark.org/download.html
2. Run the installer and accept the default options.
Ensure Npcap is selected as the capture driver (it should auto-detect it).
**Capture Loopback HTTPS Traffic**
1. Launch Wireshark as Administrator (right-click → Run as Administrator).
2. In the interface list, select:
**Npcap Loopback Adapter**
This captures traffic between applications on the same machine (e.g., localhost or 127.0.0.1).
3. Click **Start** to begin capturing.
**Filter for TCP Port 443**
Once capturing starts, enter the following display filter in the top bar:
tcp.port == 443
This will show only traffic using TCP port 443 (typically HTTPS).
Perform the SPAS operation such as a push authentication to see the traffic involved. Send a screenshot or export the PCAP data to a file for review.