Is there any way I can pass the SSH packets through Wireshark in such a way that it can read them? I can imagine using some sort of proxy, pipe or man-in-the-middle attack, but don't really know how to go about pulling it off, and Google hasn't been terribly helpful on the matter. Could anyone offer an insight as to whether this is even possible, and if so, how to approach it? Thanks.
asked 21 Mar '11, 10:45 Biscuit
One Answer:
You'll need the RSA (encryption) keys. See the wiki (http://wiki.wireshark.org/SSL) for further info/guidance/details.
answered 21 Mar '11, 15:44 wesmorgan1
SSL is actually a totally different protocol from SSH. Currently, Wireshark does not do SSH decryption.
That's what I get for reading too quickly - thanks for the correction!