Is it possible to use the ssl filter for ssh traffic? I was trying to use it. I think I figured out how to use the ssl filter, and after I experiment with it I'd like to write about it on the wiki. I think the problem I am having is that I am trying to use it for ssh traffic, which I thought used ssl. Has anyone successfully used the ssl filter to filter out ssh traffic? Here is what I tried.
In the preferences I went down to the ssl protocol and in

RSA key lists: 127.0.0.1,22,ssl,/etc/ssh/ssh_host_rsa_key
SSL debug file: /root/ssldebug.txt

Then I start my capture on lo and I start an ssh session to 127.0.0.1
Then I select the part of the ssh traffic, one that says Continuation Data
Then in the Analyze menu I select "decode as"
Then I select both ports, then SSL
Then under the Analyze menu I have an option to Follow SSL Stream (I suspect under normal ssl I would see text going across; I'll start an ssl page later and try this)
But it always comes up empty.

Below I'll post the error log from ssldebug.txt

association_remove_handle removing ptr 0x9b31f08 handle 0x98ab4e0
association_remove_handle removing ptr 0x9b31ca0 handle 0x98c90e0
association_remove_handle removing ptr 0x9b31be0 handle 0x989c2e8
association_remove_handle removing ptr 0x9b319a0 handle 0x992c9b0
ssl_init keys string 172.24.0.21,22,ssl,/root/www.ssh_host_rsa_key
ssl_init found host entry 172.24.0.21,22,ssl,/root/www.ssh_host_rsa_key
ssl_init addr 172.24.0.21 port 22 filename /root/www.ssh_host_rsa_key
ssl_get_version: 1.2.10
ssl_init private key file /root/www.ssh_host_rsa_key successfully loaded
association_add port 22 protocol ssl handle 0x9a3e170
association_add port 443 protocol http handle 0x98ab4e0
association_add port 636 protocol ldap handle 0x98c90e0
association_add port 993 protocol imap handle 0x989c2e8
association_add port 995 protocol pop handle 0x992c9b0
ssl_session_init: initializing ptr 0xb2bda978 size 568
association_find: port 22 found 0x9b7a410
packet_from_server: is from server 1
dissect_ssl server 127.0.0.1:22

_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users
