Issue when obtaining SSH sessions on LAN

I have configured zeek following the official documentation, then I have added redef to skip the checksum warning. I have configured the interface trying with different brands, I have done tcpdump and tshark and I don’t see the ssh sessions except that of the same endpoint where I do the sniffing. I am connected to a mirror port.
event connection_established(c: connection)
if (c$id$resp_p == 22/tcp)
print fmt(“SSH Alerts: Con from %s a %s:%d”,
c$id$orig_h, c$id$resp_h, c$id$resp_p);



I hope soon your answer, greetings.

The very same question was posted in Slack last week and seemed @JustinAzoff helped you out. Do you need any more information?