This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SFTP traffic

0

I want to monitor just for SFTP traffic. How do I do that? I'm sure there is a way to filter for just that. I've never used this product before.

asked 30 Jun '14, 08:09

kody6107's gravatar image

kody6107
11112
accept rate: 0%

edited 29 Mar '15, 19:08

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

One Answer:

2

SFTP is a file transfer protocol over SSH, at least that's my definition of it, so you would need to use a display filter for the SSH port: "tcp.port==22". Or, if you only want to capture SSH, use a capture filter: "tcp port 22". Keep in mind that SSH is encrypted, so the packets you can capture that way are of limited use.

answered 30 Jun '14, 08:19

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

thank you... changing the capture to port 22 did the trick

(30 Jun '14, 08:54) kody6107

@kody6107

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(30 Jun '14, 08:57) grahamb ♦