SSH Parser?

Oct 11, 2009 at 7:04 PM

I'm looking for a parser set for SSH, preferably one that will decrypt if the private key is available. I just can't afford the time to come up to speed on parser development and then to develop my own. Consider this a humble request from a very happy Netmon 3 user!

Oct 15, 2009 at 10:43 PM
Edited Oct 16, 2009 at 3:25 AM

Hi Bob,

Thanks for your interest in NPL parsers. Unfortunately, Netmon itself doesn't support decryption so far. A possible approach is to develop an expert tool, based on the Netmon API, to decrypt the traffic and then use Netmon to parse it.

It seems that all the SSH traffic on the wire is encrypted. Without a decryption tool, Netmon can't parse SSH traffic even if we already had an SSH parser. I will discuss this with my team and keep you posted.

Thanks,

Jin Feng

Nov 8, 2009 at 9:07 PM

OK, I get it. I just thought that it would be like decrypting SSL. Sounds like a fun (though time-consuming) project...