This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is there any way I can pass the SSH packets through Wireshark in such a way that it can read them? I can imagine using some sort of proxy, pipe or man-in-the-middle attack, but don't really know how to go about pulling it off, and Google hasn't been terribly helpful on the matter. Could anyone offer an insight as to whether this is even possible, and if so, how to approach it? Thanks.

asked 21 Mar '11, 10:45

Biscuit


You'll need the RSA (encryption) keys. See the wiki (http://wiki.wireshark.org/SSL) for further info/guidance/details.

answered 21 Mar '11, 15:44

wesmorgan1

SSL is actually a totally different protocol from SSH. Currently, Wireshark does not do SSH decryption.

(21 Mar '11, 15:50) SYN-bit ♦♦

That's what I get for reading too quickly - thanks for the correction!

(21 Mar '11, 16:04) wesmorgan1
question asked: 21 Mar '11, 10:45

question was seen: 6,308 times

last updated: 21 Mar '11, 16:04