2022-08-24 13:40:08 +0000 | marked best answer | tshark SSH Packets Encrypted After Saving to File I am trying to collect SSH packets on a file transfer server so that I can tell who would be affected by a reduced cipher list. I am using dumpcap to gather certain packets... ... Then I am using tshark to further filter and save the packets that I need that tell me what ciphers the client is able to use... ... When I omit -w <outfile>, I can see in Command Prompt the packets as I would expect. In addition, I can open "D:\SFTPCapture\serverA_00019_20220823122517.pcapng" in Wireshark, filter the packets, and save the desired packets as expected. The issue is that when saving the output from tshark using -w <outfile>, all of the packets say that they are encrypted. What is stranger still is that if I omit "ssh.message_code == 20) && " from the filter, the packets are no longer encrypted, but I end up with more packets than I need. How do I save the filtered packets to a pcapng file so that ssh message 20 is still human readable and I can tell what ciphers the clients are using? |
2022-08-24 13:40:08 +0000 | received badge | ● Scholar (source) |
2022-08-24 13:40:02 +0000 | commented answer | tshark SSH Packets Encrypted After Saving to File Thank you. Both filters retained the data I need to collect. Unfortunately, they keep a lot more packets than I need and |
2022-08-23 19:15:11 +0000 | asked a question | tshark SSH Packets Encrypted After Saving to File I am trying to collect SSH packets on a file transfer server so that I |