EvilZone

Hacking and Security => Hacking and Security => : lucid January 04, 2014, 05:15:31 AM

: What the hell?
: lucid January 04, 2014, 05:15:31 AM

Regrettably I'm posting here asking a rather mundane question, but I'm having this silly problem. Does wireshark not allow you to filter SSH packets anymore or something? I used to be able to just type 'ssh' into the filter and only my SSH packets would show up(go figure). Now this doesn't seem to be the case. See, I just want to analyze an SSH packet to make sure that I have the proper cipher set(blowfish). It used to be real easy. Add 'ssh' into the filter, then run ssh. Then analyze the packet and at the very bottom it would show what cipher is used and if compression is enabled.

Another thing I noticed, if I remove all filters and run SSH I don't even see SSH packets show up at all. Just TCP. So I'm confused.

: Re: What the hell?
: Kulverstukas January 04, 2014, 10:44:43 AM

Download an older version and try again.

: Re: What the hell?
: lucid January 04, 2014, 09:07:22 PM

Damn. Yeah I already tried filtering for the port that it was listening on(not 22) and saw the corresponding TCP packets. None of them, however, seemed to contain any information regarding what cipher ssh was using, or really very much ssh specific information at all.

Wireshark used to show SSHv2 protocol packets specifically. Guess I'm downloading an older version.