Wireshark-users: Re: [Wireshark-users] Trying to decode sshv2 traffic
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: M Holt <m.iostreams@xxxxxxxxx>
Date: Tue, 17 Jun 2014 14:17:21 -0700
SSH uses Diffie-Hellman key exchange, which creates a shared 'ephemeral' key for encryption. As such, there is no current method of decrypting this type of traffic. For more info, take a look here:
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange


On Tue, Jun 17, 2014 at 1:41 PM, Ahmed Zaki <ahmed.mahmoudzaki@xxxxxxxxx> wrote:
Thank you Jeff.

Do you think we can submit it as a future enhancement?



On Tue, Jun 17, 2014 at 8:16 PM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
On 06/17/14 12:59, Ahmed Zaki wrote:
Dear All,

I captured SSHV2 trace file between two servers, I want to see the
decrypted packets.

Any ideas about how I can decrypt the packets?

I believe it is possible to collect the public keys from both servers,
Is this going to help?

Unfortunately, no.  The SSH dissector in Wireshark is not able to decrypt SSH packets.

See:

http://wiki.wireshark.org/SSH
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe