This is a static archive of our old Q&A Site. Please post any new questions and answers at

SFTP traffic


I want to monitor just for SFTP traffic. How do I do that? I'm sure there is a way to filter for just that. I've never used this product before.

asked 30 Jun '14, 08:09

kody6107's gravatar image

accept rate: 0%

edited 29 Mar '15, 19:08

Guy%20Harris's gravatar image

Guy Harris ♦♦

One Answer:


SFTP is a file transfer protocol over SSH, at least that's my definition of it, so you would need to use a display filter for the SSH port: "tcp.port==22". Or, if you only want to capture SSH, use a capture filter: "tcp port 22". Keep in mind that SSH is encrypted, so the packets you can capture that way are of limited use.

answered 30 Jun '14, 08:19

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

thank you... changing the capture to port 22 did the trick

(30 Jun '14, 08:54) kody6107


If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(30 Jun '14, 08:57) grahamb ♦