Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] SSH packets

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Small, James" <JSmall@xxxxxxxxxxxxxx>
Date: Sat, 9 Dec 2006 20:11:45 -0500

What about:
tcp.port==22

Normally an SSH Server/Service/Daemon listens on TCP Port 22.

If the SSH end point is on a different port, then you can filter on the
server port (e.g. tcp.port==60022) and right click on a packet and
select decode as, and choose SSH.

Hope this helps,
  --Jim

> -----Original Message-----
> Hi all,
> 
> Can anybody tell me how can I capture packets which belong to SSH
> connection? When I establish a SSH connection, even all SSH packets
are
> shown as TCP packets however I have set the filter to capture all
packets.
>
  • Prev by Date: [Wireshark-users] analysing t.120 traffic
  • Next by Date: Re: [Wireshark-users] voip troubleshooting
  • Previous by thread: [Wireshark-users] SSH packets
  • Next by thread: [Wireshark-users] analysing t.120 traffic
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation