Is there any way I can pass the SSH packets through Wireshark in such a way that it can read them? I can imagine using some sort of proxy, pipe or man-in-the-middle attack, but don't really know how to go about pulling it off, and Google hasn't been terribly helpful on the matter. Could anyone offer an insight as to whether this is even possible, and if so, how to approach it? Thanks.

asked 21 Mar '11, 10:45

Biscuit


You'll need the RSA (encryption) keys. See the wiki (http://wiki.wireshark.org/SSL) for further info/guidance/details.

answered 21 Mar '11, 15:44

wesmorgan1

SSL is actually a totally different protocol from SSH. Currently, Wireshark does not do SSH decryption.

(21 Mar '11, 15:50) SYN-bit ♦♦

That's what I get for reading too quickly - thanks for the correction!

(21 Mar '11, 16:04) wesmorgan1
Asked: 21 Mar '11, 10:45

Seen: 2,961 times

Last updated: 21 Mar '11, 16:04
