I am trying to capture traffic between two CentOS VMs that are using SSH key-based authentication. I looked up display filters on https://www.wireshark.org/docs/dfref/s/ssh.html and found the ssh.host_key.data filter, but I cannot make it work for tshark. Is there a way I can make this possible?

Thanks, Scott

asked 30 Jan '17, 19:00 scottctaylor12
One Answer:
ssh.host_key.data is only used (in Wireshark 2.2.X) when the host key is not of type "ssh-rsa". So it depends on the host key of your SSH server. Furthermore, this part has been refactored in the current development version (2.3.X, see https://www.wireshark.org/download/automated/) to catch other key types too.

answered 02 Feb '17, 01:50 Uli
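
Added example, not part of the original answer or of Wireshark: a small parser that reads the algorithm name from an SSH host key blob (the same RFC 4253 encoding found in the base64 field of a server's ssh_host_*_key.pub file) and reports whether, by the rule stated in the answer, Wireshark 2.2.X would use ssh.host_key.data for it. The function names and the two sample blobs are constructed for illustration and contain dummy key material.

```python
import base64
import struct


def read_string(buf, offset):
    """Read one RFC 4251 'string': uint32 big-endian length, then that many bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[start:end], end


def host_key_type(blob):
    """Return the algorithm name that starts an SSH host key blob."""
    name, _ = read_string(blob, 0)
    return name.decode("ascii")


def uses_host_key_data(blob):
    """Rule from the answer: 2.2.X uses ssh.host_key.data only for non-"ssh-rsa" keys."""
    return host_key_type(blob) != "ssh-rsa"


def blob_from_pub_line(line):
    """Decode the base64 field of an OpenSSH .pub line ('type base64 comment')."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if host_key_type(blob) != fields[0]:
        raise ValueError("type label does not match blob")
    return blob


def _pack(*parts):
    """Frame each part as an RFC 4251 string (helper for the constructed samples)."""
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


# Constructed sample blobs (not real keys): correct framing, dummy key material.
SAMPLE_RSA = _pack(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 16)
SAMPLE_ED25519 = _pack(b"ssh-ed25519", b"\x11" * 32)

if __name__ == "__main__":
    for blob in (SAMPLE_RSA, SAMPLE_ED25519):
        print(host_key_type(blob), "-> ssh.host_key.data used:", uses_host_key_data(blob))
```

Running it against the server's own public host key line shows which key type is on offer, and therefore whether the filter from the question can match on a 2.2.X build.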