How to view SSH traffic in Wireshark

Home > Search > How-to
  by

Let's say PC 1 (192.168.0.6) is connecting to PC 2 (192.168.0.23) using SSH.

  1. On PC 1, start a Wireshark capture.
  2. Using PC1, make an SSH connection to PC2
  3. In Wireshark, stop the capture.

To view the SSH packets, type SSH into the Wireshark filter. Many client and server packets should be displayed. Notice keys are exchanged and the packets are encrypted. This does show that SSH is a secured protocol.

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments