Ethereal-dev: Re: [Ethereal-dev] patch for SSH Version 1 support

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Huagang XIE <huagang@xxxxxxxxxxxxx>
Date: Wed, 29 Jan 2003 11:25:39 -0800
Good..I did not have a plan to do that yet..so go ahead do it and submit your patch..:-) 

huagang
Yaniv Kaul wrote:
I'd like to add deeper parsing of payloads into the SSH dissector, but was wondering perhaps you (or anyone else on the list) are already working on it. 
For example, on SSH_MSG_KEXDH_REPLY, the packet format is:
byte      SSH_MSG_KEXDH_REPLY
string    server public host key and certificates (K_S)
mpint     f
string    signature of H

Now, the string K_S, is actually:
    string   certificate or public key format identifier
    byte[n]  key/certificate data

Which means we can actually parse KEXDH_REPLY deeper.
See section 4.6 of the transport draft (http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt) 
For example, for ssh-rsa, we could actually have:

SSH_MSG_KEXDH_REPLY
   Length:
   +Certificate
       - Certificate format length: 4
       - Certificate format: ssh-rsa
           - 'mpint 'e' length' :
           - 'e':
           - 'mpint 'n' length:
           - 'n':
   + 'f'
       - 'mpint 'f' length:
       - 'f'
   + 'signature of H'
       - 'length of '...H':
       - 'H':
    What do you think?

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev