Hello everyone, not entirely sure if this is the right place to posts this, but here goes -
I recently started using Wireshark and am having some trouble with some of the basics. I need to do a packet trace of an SFTP and I am really confused as to how to get started with this.
Any help would be greatly appreciated, thanks in advance.
Jump to PostWireshark will allow you capture on an interface. Just start the program with no arguments and select the interface you want to capture on. Once you are capturing packets you can set a filter to limit those packets that you are viewing. From there, you can save just the selected …
Jump to PostWireshark, as with other packet capturing apps, will allow you to capture the packets that are picked up by the interface, or in promiscuous mode it will see all traffic that comes accross the interface including packets the interface doesnt bring up through the stack.
If you dont have any …
Wireshark will allow you capture on an interface. Just start the program with no arguments and select the interface you want to capture on. Once you are capturing packets you can set a filter to limit those packets that you are viewing. From there, you can save just the selected packets.
These steps allow you to capture just an SFTP stream if you set the filter correctly.
Maybe I am just not understanding how Wireshark works entirely. I understand how to capture the packets in an interface, but I can't seem to find any SFTP packets.
Wireshark, as with other packet capturing apps, will allow you to capture the packets that are picked up by the interface, or in promiscuous mode it will see all traffic that comes accross the interface including packets the interface doesnt bring up through the stack.
If you dont have any capture filters configured, you can create a display filter after you capture the packets and your display filter can be based upon protocol, ip info, ports, etc...
You'd have to take a look at their documentation on how to create the appropriate display filter. Be patient with Wireshark as it takes time to learn how to use it.
So if I wanted to capture an SFTP stream, I would need to do something on my computer that would utilize SFTP and than have wireshark running during the process?
Assuming the SFTP service is on another computer, yes, if you have Wireshark running and you attempt an SFTP connection, you should see the packets captured.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.