This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Read SSH packets?

0

Is there any way I can pass the SSH packets through Wireshark in such a way that it can read them? I can imagine using some sort of proxy, pipe or man-in-the-middle attack, but don't really know how to go about pulling it off, and Google hasn't been terribly helpful on the matter. Could anyone offer an insight as to whether this is even possible, and if so, how to approach it? Thanks.

asked 21 Mar '11, 10:45

Biscuit


One Answer:

0

You'll need the RSA (encryption) keys. See the wiki (http://wiki.wireshark.org/SSL) for further info/guidance/details.

answered 21 Mar '11, 15:44

wesmorgan1

2

SSL is actually a totally different protocol from SSH. Currently, Wireshark does not do SSH decryption.

(21 Mar '11, 15:50) SYN-bit ♦♦

That's what I get for reading too quickly - thanks for the correction!

(21 Mar '11, 16:04) wesmorgan1