Hi, See http://www.rpatrick.com/tech/ssh-ssl/
Thanx, Jaap On Thu, 5 Oct 2006, Jeff Sadowski wrote: > Is it possable to use the ssl filter for ssh traffic? > I was trying to use it I think I figured out how to use the ssl filter > and after I eperiment with it I'd like to write about it on the wiki. > I think the problem I am having is I am trying to use it for ssh > traffic which I thought used ssl. > Has anyone successfully used the ssl filter to filter out ssh traffic? > Here is what I tried. > > In the prefferences I went down to the ssl protocal and in > RSA key lists: 127.0.0.1,22,ssl,/etc/ssh/ssh_host_rsa_key > SSL debug file: /root/ssldebug.txt > > Then I start my capture on lo > and I start an ssh session to 127.0.0.1 > > Then I select the part of the ssh traffic one that says Continuation Data > > Then in the Analyze menu I select "decode as" > Then I select both ports then SSL > > Then under Analyze menu I have an option to Follow SSL Stream > (I suspect under normal ssl I would see text going across, I'll start > an ssl page later and try this) > > But it always comes up empty Below I'll post the error log from ssldebug.txt > > association_remove_handle removing ptr 0x9b31f08 handle 0x98ab4e0 > association_remove_handle removing ptr 0x9b31ca0 handle 0x98c90e0 > association_remove_handle removing ptr 0x9b31be0 handle 0x989c2e8 > association_remove_handle removing ptr 0x9b319a0 handle 0x992c9b0 > ssl_init keys string 172.24.0.21,22,ssl,/root/www.ssh_host_rsa_key > ssl_init found host entry 172.24.0.21,22,ssl,/root/www.ssh_host_rsa_key > ssl_init addr 172.24.0.21 port 22 filename /root/www.ssh_host_rsa_key > ssl_get_version: 1.2.10 > ssl_init private key file /root/www.ssh_host_rsa_key successfully loaded > association_add port 22 protocol ssl handle 0x9a3e170 > association_add port 443 protocol http handle 0x98ab4e0 > association_add port 636 protocol ldap handle 0x98c90e0 > association_add port 993 protocol imap handle 0x989c2e8 > association_add port 995 protocol pop handle 0x992c9b0 > ssl_session_init: initializing ptr 0xb2bda978 size 568 > association_find: port 22 found 0x9b7a410 > packet_from_server: is from server 1 > dissect_ssl server 127.0.0.1:22 > _______________________________________________ > Wireshark-users mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-users > > _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
