I want to monitor just for SFTP traffic. How do I do that? I'm sure there is a way to filter for just that. I've never used this product before.
asked 30 Jun '14, 08:09
edited 29 Mar '15, 19:08
Guy Harris ♦♦
SFTP is a file transfer protocol over SSH, at least that's my definition of it, so you would need to use a display filter for the SSH port: "tcp.port==22". Or, if you only want to capture SSH, use a capture filter: "tcp port 22". Keep in mind that SSH is encrypted, so the packets you can capture that way are of limited use.
answered 30 Jun '14, 08:19