Wireshark decode Protocol SSHv1 and SSHv2


Hi All,

When I capture the packets for an SFTP transfer, we notice in the packet from the server "server protocol: SSH-2.0-openssh_4.0", but when we check under the protocol in Wireshark, it is showing as SSH and not SSHv2.

Is it not Version2? (From the server Protocol?)

How is Wireshark decoding it as SSHv1 or SSHv2? This is the packet after the 3-way handshake received from the server.

What Wireshark version are you using? Can you share a capture in a publicly accessible spot, e.g. CloudShark?

(22 Sep '17, 02:28)