This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am trying to capture traffic between two CentOS vms that are using ssh key-based authentication. I looked up display filters on https://www.wireshark.org/docs/dfref/s/ssh.html and found the ssh.host_key.data filter, but I cannot make it work for tshark. Is there a way I can make this possible? Thanks, Scott

asked 30 Jan '17, 19:00

scottctaylor12's gravatar image

scottctaylor12
6112
accept rate: 0%


ssh.host_key.data is only used (in Wireshark 2.2.X) when the Host-Key is not of type "ssh-rsa". So it depends on the host key of your SSH server.

Furthermore this part has been refactored in the current Development Version (2.3.X s. https://www.wireshark.org/download/automated/) to catch other key types too.

permanent link

answered 02 Feb '17, 01:50

Uli's gravatar image

Uli
9031515
accept rate: 29%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×165
×63
×25

question asked: 30 Jan '17, 19:00

question was seen: 1,230 times

last updated: 02 Feb '17, 01:50

p​o​w​e​r​e​d by O​S​Q​A