Secure Shell
Help decoding ssh packet capture Mar 20 2010 06:16PM
Scott Ehrlich (srehrlich gmail com) (3 replies)
Re: Help decoding ssh packet capture Mar 23 2010 01:31PM
Shawn Merdinger (shawnmer gmail com)
Re: Help decoding ssh packet capture Mar 22 2010 11:31PM
Colin Copley (colin 75 btinternet com)
Re: Help decoding ssh packet capture Mar 22 2010 11:30PM
Morgan Reed (morgan s reed gmail com)
On Sun, Mar 21, 2010 at 05:16, Scott Ehrlich <srehrlich (at) gmail (dot) com [email concealed]> wrote:
> I'm trying to find an RFC or something else definitive that will
> explicitly define, when an ssh client tries to establish a connection
> to an ssh server, packet by packet, from initial host negotiation to
> defining encryption schemes to full encryption.   I then want to
> compare that step-by-step authoritative guide to what I see in my
> packet sniffer.

I would suggest that the log from ssh -vvv will probably be more
useful to you, been a while since I looked at SSH in a packet capture
but I suspect that the packets will all be very generic (i.e. there
won't be any explicit notation of WHAT a particular packet is WRT the
SSH protocol).

You should be able to use the timestamps from the log to associate the
packets with each step and between the two you should get a pretty
good idea of what's going on.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus