I'm glad someone was finally less lazy than I and came with a dissector to SSH. ;-)
However, what I found confusing, is that it seems that some values could have differernt meanings.
From http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt, page 22:
/* Numbers 30-49 used for kex packets.
Different kex methods may reuse message numbers in
this range. */ #define SSH_MSG_KEXDH_INIT 30
#define SSH_MSG_KEXDH_REPLY 31How did you solve this? Indeed, in some other drafts, those numbers are re-used!
For example, from http://www.ietf.org/internet-drafts/draft-ietf-secsh-gsskeyex-05.txt, page 15:
. Summary of Message Numbers
The following message numbers have been defined for use with GSSAPI-based key exchange methods:
#define SSH_MSG_KEXGSS_INIT 30
#define SSH_MSG_KEXGSS_CONTINUE 31
#define SSH_MSG_KEXGSS_COMPLETE 32
#define SSH_MSG_KEXGSS_HOSTKEY 33
#define SSH_MSG_KEXGSS_ERROR 34The numbers 30-49 are specific to key exchange and may be redefined by other kex methods.
Huagang XIE wrote:
Here it is, Now the SSHv2 and SSHv1 is a flag in the flow data structure now.
huagang
