On Fri, Oct 10, 2008 at 04:49:20PM -0400, Forrest Aldrich wrote:
> I'm working on tracking down a bizarre interaction between 2 remote
> systems.
>
> In order to track this down, I'm looking for a means to decrypt the
> session and packet contents from a *.pcap file, so I can see exactly
> what data are in this packet that's causing the connection to slam
> shut (only happens in SSH).

Wireshark does not support decrypting SSH sessions at this time.

You may have already tried this, but I usually put the OpenSSH daemon
(if that's what you're using) on the machine you're connecting to into
debug/interactive (non-daemon/background) mode.

Steve