@tcpdump-examples
Last active February 15, 2021 09:37

How to capture SSH Traffic with Tcpdump?

Filtering on TCP port 22 in the tcpdump command captures the SSH traffic on the interface (assuming the SSH server listens on the default port).

tcpdump -i eth0 tcp port 22

tcpdump -i eth0 'tcp[2:2] = 22'

The second form compares the two bytes at offset 2 of the TCP header, which is the destination port field, so it matches only packets sent to port 22 (client to server). The filter 'tcp port 22' matches either the source or the destination port and therefore captures both directions of the connection.

The exact output format of tcpdump depends on the protocol and the options in use. A typical output line for a TCP packet looks like this.

21:38:44.202888 IP 10.79.97.62.60915 > 216.58.220.206.22: Flags [S], seq 1580803359, win 65535, options [mss 1366,nop,wscale 6,nop,nop,TS val 552701199 ecr 0,sackOK,eol], length 0

We can save the captured packets into a file rather than printing them out by using the -w flag.

tcpdump -i eth0 -w /tmp/ssh.pcap tcp port 22
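As an added example (not part of the original gist), the following POSIX shell script reads tcpdump text output in the format shown above and counts pure SYN segments destined for port 22 per source address, which is a quick way to see which hosts are opening many SSH connections. The sample lines are constructed for the example; in practice you would pipe the output of tcpdump -n -r /tmp/ssh.pcap (reading the file written with -w) or a live tcpdump -n -i eth0 tcp port 22 into the function. The -n flag matters: without it tcpdump resolves addresses to hostnames and prints the port as "ssh", which breaks the numeric parsing below. Only the IPv4 line format shown on the page is handled.

```shell
#!/bin/sh
# Constructed sample of tcpdump text output (same layout as the line on the page).
# Line 1 and 3: SYNs from 10.79.97.62 to port 22; line 2: the server's SYN-ACK
# (flags [S.], not counted); line 4: a SYN from a second client.
SAMPLE_LINES='21:38:44.202888 IP 10.79.97.62.60915 > 216.58.220.206.22: Flags [S], seq 1580803359, win 65535, options [mss 1366,nop,wscale 6,nop,nop,TS val 552701199 ecr 0,sackOK,eol], length 0
21:38:44.210001 IP 216.58.220.206.22 > 10.79.97.62.60915: Flags [S.], seq 9, ack 1580803360, win 65535, options [mss 1460], length 0
21:38:45.000000 IP 10.79.97.62.60916 > 216.58.220.206.22: Flags [S], seq 1, win 65535, length 0
21:38:46.000000 IP 192.0.2.10.40000 > 216.58.220.206.22: Flags [S], seq 2, win 65535, length 0'

# Read tcpdump text lines on stdin; print "<source-ip> <syn-count>" for every
# source that sent a pure SYN (flags [S]) to TCP destination port 22, sorted.
ssh_syn_by_source() {
  awk '
    # Fields: 1=time 2="IP" 3=src.port 4=">" 5=dst.port: 6="Flags" 7="[S],"
    $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
      src = $3
      dst = $5
      sub(/:$/, "", dst)              # strip the trailing colon after the destination
      n = split(dst, d, ".")          # "a.b.c.d.port" -> last element is the port
      if (d[n] != "22") next          # keep only SYNs to the SSH port
      split(src, s, ".")
      srcip = s[1] "." s[2] "." s[3] "." s[4]
      count[srcip]++
    }
    END { for (ip in count) printf "%s %d\n", ip, count[ip] }
  ' | sort
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LINES" | ssh_syn_by_source
```

If you run tcpdump over an SSH session to the same host, add "and not host <your client address>" to the filter (a placeholder for your own address); otherwise the capture includes the SSH packets that carry tcpdump's own output, which inflates the counts and the pcap file.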
