Help decoding ssh packet capture

Discussion:

(too old to reply)

Scott Ehrlich

2010-03-20 18:16:10 UTC

I'm trying to find an RFC or something else definitive that will
explicitly define, when an ssh client tries to establish a connection
to an ssh server, packet by packet, from initial host negotiation to
defining encryption schemes to full encryption. I then want to
compare that step-by-step authoritative guide to what I see in my
packet sniffer.

Thanks for any leads.

Scott

Colin Copley

2010-03-22 23:31:55 UTC

Permalink

Post by Scott Ehrlich
I'm trying to find an RFC or something else definitive that will
explicitly define, when an ssh client tries to establish a connection
to an ssh server, packet by packet, from initial host negotiation to
defining encryption schemes to full encryption. I then want to
compare that step-by-step authoritative guide to what I see in my
packet sniffer.
Thanks for any leads.

This should get you started

http://www.networksorcery.com/enp/default1004.htm

Morgan Reed

2010-03-22 23:30:23 UTC

Permalink

I would suggest that the log from ssh -vvv will probably be more
useful to you, been a while since I looked at SSH in a packet capture
but I suspect that the packets will all be very generic (i.e. there
won't be any explicit notation of WHAT a particular packet is WRT the
SSH protocol).

You should be able to use the timestamps from the log to associate the
packets with each step and between the two you should get a pretty
good idea of what's going on.

Shawn Merdinger

2010-03-23 13:31:05 UTC

Permalink

Hi Scott,

There's "SSH: the Definitive Guide" on Google books as well.

http://books.google.com/books?id=JFa5aLIII6oC

Cheers,
--scm

Post by Scott Ehrlich
I'm trying to find an RFC or something else definitive that will