What filter should George use in Ethereal?

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department.

A few managers are using an SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity.

George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

A. net port 22

B. udp port 22 and host 172.16.28.1/24

C. src port 22 and dst port 22

D. src port 23 and dst port 23




swapnil

Can someone explain why / how?

tix

No way this is true. When establishing an SSH (SFTP) connection, the destination port is 22 and not the source port. The source port is a random port. The statement in C is both source and dest port to be 22, which is not correct. So the correct answer is A.

aeg

C is correct.

SFTP uses 22/tcp (it is an extension of SSH) and George wants to obtain SFTP evidence (outgoing AND incoming traffic).