Wireshark decode Protocol SSHv1 and SSHv2


Hi All,

When I capture the packets for an SFTP transfer, we notice in the packet from the server "server protocol: SSH-2.0-openssh_4.0", but when we check under the protocol in Wireshark, it is showing as SSH and not SSHv2.

Is it not version 2? (From the server protocol?)

How is Wireshark decoding it as SSHv1 or SSHv2? This is the packet received from the server after the 3-way handshake.

asked 22 Sep '17, 00:46

rakeshreddy

What Wireshark version are you using? Can you share a capture in a publicly accessible spot, e.g. CloudShark?

(22 Sep '17, 02:28) Jaap ♦