From: Andreas Jaggi Date: Sun, 23 Dec 2018 10:38:17 +0000 (+0100) Subject: Add dissector for SSH version exchange X-Git-Tag: tcpdump-4.99-bp~783 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/886fcf669f13779c8d25370c95b47993f5e3c7dd Add dissector for SSH version exchange --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 97c0bfed..76d6734f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1070,6 +1070,7 @@ set(NETDISSECT_SOURCE_LIST_C print-slow.c print-smtp.c print-snmp.c + print-ssh.c print-stp.c print-sunatm.c print-sunrpc.c diff --git a/Makefile.in b/Makefile.in index 3e6ed01b..7af5663a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -213,6 +213,7 @@ LIBNETDISSECT_SRC=\ print-slow.c \ print-smtp.c \ print-snmp.c \ + print-ssh.c \ print-stp.c \ print-sunatm.c \ print-sunrpc.c \ diff --git a/netdissect.h b/netdissect.h index ca42421b..9dab0f0e 100644 --- a/netdissect.h +++ b/netdissect.h @@ -689,6 +689,7 @@ extern void rtsp_print(netdissect_options *, const u_char *, u_int); extern void rx_print(netdissect_options *, const u_char *, u_int, u_int, u_int, const u_char *); extern void sctp_print(netdissect_options *, const u_char *, const u_char *, u_int); extern void sflow_print(netdissect_options *, const u_char *, u_int); +extern void ssh_print(netdissect_options *, const u_char *, u_int); extern void sip_print(netdissect_options *, const u_char *, u_int); extern void slow_print(netdissect_options *, const u_char *, u_int); extern void smb_data_print(netdissect_options *, const u_char *, u_int); diff --git a/print-ssh.c b/print-ssh.c new file mode 100644 index 00000000..0126bd0e --- /dev/null +++ b/print-ssh.c 
@@ -0,0 +1,102 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code + * distributions retain the above copyright notice and this paragraph + * in its entirety, and (2) distributions including binary code include + * the above copyright notice and this paragraph in its entirety in + * the documentation or other materials provided with the distribution. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT + * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE. + */ + +/* \summary: Secure Shell (SSH) printer */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "netdissect-stdinc.h" + +#include +#include + +#include "netdissect.h" +#include "extract.h" + +static int +ssh_print_version(netdissect_options *ndo, const u_char *pptr, u_int len) +{ + u_int idx = 0; + const char *pnp; + + if ( GET_U_1(pptr+idx) != 'S' ) + return 0; + idx++; + if ( GET_U_1(pptr+idx) != 'S' ) + return 0; + idx++; + if ( GET_U_1(pptr+idx) != 'H' ) + return 0; + idx++; + if ( GET_U_1(pptr+idx) != '-' ) + return 0; + idx++; + + while (idx < len) { + if (GET_U_1(pptr + idx) == '\n') { + /* + * LF without CR; end of line. + * Skip the LF and print the line, with the + * exception of the LF. + */ + goto print; + } else if (GET_U_1(pptr + idx) == '\r') { + /* CR - any LF? */ + if ((idx+1) >= len) { + /* not in this packet */ + goto trunc; + } + if (GET_U_1(pptr + idx + 1) == '\n') { + /* + * CR-LF; end of line. + * Skip the CR-LF and print the line, with + * the exception of the CR-LF. + */ + goto print; + } + + /* + * CR followed by something else; treat this as + * if it were binary data and don't print it. + */ + goto trunc; + } else if (!isascii(GET_U_1(pptr + idx)) || + !isprint(GET_U_1(pptr + idx)) ) { + /* + * Not a printable ASCII character; treat this + * as if it were binary data and don't print it. 
+ */ + goto trunc; + } + idx++; + } +trunc: + return -1; +print: + ND_PRINT(": "); + /* Capitalize the protocol name */ + for (pnp = ndo->ndo_protocol; *pnp != '\0'; pnp++) + ND_PRINT("%c", ND_TOUPPER((u_char)*pnp)); + ND_PRINT(": %.*s", (int)idx, pptr); + return idx; +} + +void +ssh_print(netdissect_options *ndo, const u_char *pptr, u_int len) +{ + ndo->ndo_protocol = "ssh"; + + ssh_print_version(ndo, pptr, len); +} diff --git a/print-tcp.c b/print-tcp.c index 4f95e334..c0a21b98 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -721,6 +721,8 @@ tcp_print(netdissect_options *ndo, pptp_print(ndo, bp); else if (IS_SRC_OR_DST_PORT(REDIS_PORT)) resp_print(ndo, bp, length); + else if (IS_SRC_OR_DST_PORT(SSH_PORT)) + ssh_print(ndo, bp, length); #ifdef ENABLE_SMB else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT)) nbt_tcp_print(ndo, bp, length); diff --git a/tcp.h b/tcp.h index 3f455d9d..491157b0 100644 --- a/tcp.h +++ b/tcp.h @@ -94,6 +94,9 @@ struct tcphdr { #ifndef FTP_PORT #define FTP_PORT 21 #endif +#ifndef SSH_PORT +#define SSH_PORT 22 +#endif #ifndef TELNET_PORT #define TELNET_PORT 23 #endif diff --git a/tests/TESTLIST b/tests/TESTLIST index 0813f6db..d7294e08 100644 --- a/tests/TESTLIST +++ b/tests/TESTLIST @@ -627,6 +627,9 @@ rx_ubik-oobr rx_ubik-oobr.pcap rx_ubik-oobr.out -c1 rtp-seg-fault-1 rtp-seg-fault-1.pcapng rtp-seg-fault-1.out -v -T rtp rtp-seg-fault-2 rtp-seg-fault-2.pcapng rtp-seg-fault-2.out -v -T rtp +# SSH tests +ssh ssh.pcap ssh.out + # NFS tests nfs-write-verf-cookie nfs-write-verf-cookie.pcapng nfs-write-verf-cookie.out -vv diff --git a/tests/geneve-tcp.out b/tests/geneve-tcp.out index efb6ebbb..8b33673b 100644 --- a/tests/geneve-tcp.out +++ b/tests/geneve-tcp.out 
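Review bot: The four prefix comparisons at the top of ssh_print_version read pptr[0] through pptr[3] before `len` is consulted, so a payload shorter than four bytes is matched against bytes that lie beyond the TCP segment; GET_U_1 presumably bounds the read to the captured buffer, not to the segment length. A guard ahead of the first comparison, `if (len < 4) return 0;`, keeps the match inside the payload. The per-byte isascii/isprint test is what stops peer-controlled banner bytes from reaching the terminal unfiltered through `ND_PRINT(": %.*s", (int)idx, pptr)`, so it deserves a comment saying that; since the file already uses ND_TOUPPER, the locale-independent `ND_ISASCII`/`ND_ISPRINT` would be the consistent choice. ssh_print discards the helper's -1/0/length result, so a line split across segments or containing binary data is dropped without any marker; either document the three return values in a header comment or make the helper void.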
@@ -1,9 +1,9 @@ 1 22:04:33.999279 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [S], seq 397610159, win 14600, options [mss 1460,sackOK,TS val 2876069566 ecr 0,nop,wscale 7], length 0 2 22:04:33.999327 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 30.0.0.1.22 > 30.0.0.2.51225: Flags [S.], seq 2910871522, ack 397610160, win 28960, options [mss 1460,sackOK,TS val 84248969 ecr 2876069566,nop,wscale 7], length 0 3 22:04:33.999513 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [.], ack 1, win 115, options [nop,nop,TS val 2876069566 ecr 84248969], length 0 - 4 22:04:34.006164 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 30.0.0.1.22 > 30.0.0.2.51225: Flags [P.], seq 1:40, ack 1, win 227, options [nop,nop,TS val 84248971 ecr 2876069566], length 39 + 4 22:04:34.006164 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 30.0.0.1.22 > 30.0.0.2.51225: Flags [P.], seq 1:40, ack 1, win 227, options [nop,nop,TS val 84248971 ecr 2876069566], length 39: SSH: SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1 5 22:04:34.006357 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [.], ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 0 - 6 22:04:34.006387 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 1:22, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21 + 6 22:04:34.006387 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 1:22, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21: SSH: SSH-2.0-OpenSSH_5.3 7 22:04:34.006457 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 
30.0.0.1.22 > 30.0.0.2.51225: Flags [.], ack 22, win 227, options [nop,nop,TS val 84248971 ecr 2876069573], length 0 8 22:04:34.006523 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 22:814, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 792 9 22:04:34.006560 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 30.0.0.1.22 > 30.0.0.2.51225: Flags [.], ack 814, win 239, options [nop,nop,TS val 84248971 ecr 2876069573], length 0 diff --git a/tests/geneve-vni.out b/tests/geneve-vni.out index 6fcebed6..c5b6c9e6 100644 --- a/tests/geneve-vni.out +++ b/tests/geneve-vni.out 
@@ -2,7 +2,7 @@ 2 22:04:33.999279 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [S], seq 397610159, win 14600, options [mss 1460,sackOK,TS val 2876069566 ecr 0,nop,wscale 7], length 0 3 22:04:33.999513 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [.], ack 2910871523, win 115, options [nop,nop,TS val 2876069566 ecr 84248969], length 0 4 22:04:34.006357 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [.], ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 0 - 5 22:04:34.006387 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 0:21, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21 + 5 22:04:34.006387 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 0:21, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21: SSH: SSH-2.0-OpenSSH_5.3 6 22:04:34.006523 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 21:813, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 792 7 22:04:34.007397 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 813:837, ack 1024, win 130, options [nop,nop,TS val 2876069574 ecr 84248971], length 24 8 22:04:34.010470 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 837:981, ack 1176, win 145, options [nop,nop,TS val 2876069577 ecr 84248972], length 144 diff --git a/tests/geneve-vv.out b/tests/geneve-vv.out index d749f040..d19ec4d5 100644 --- a/tests/geneve-vv.out +++ b/tests/geneve-vv.out 
@@ -21,7 +21,7 @@ 6 22:04:34.006164 IP (tos 0x0, ttl 64, id 57275, offset 0, flags [DF], proto UDP (17), length 149) 20.0.0.1.22540 > 20.0.0.2.6081: [no cksum] Geneve, Flags [C], vni 0xa, options [class Standard (0x0) type 0x80(C) len 8 data 0000000c] IP (tos 0x0, ttl 64, id 54890, offset 0, flags [DF], proto TCP (6), length 91) - 30.0.0.1.22 > 30.0.0.2.51225: Flags [P.], cksum 0xf103 (correct), seq 1:40, ack 1, win 227, options [nop,nop,TS val 84248971 ecr 2876069566], length 39 + 30.0.0.1.22 > 30.0.0.2.51225: Flags [P.], cksum 0xf103 (correct), seq 1:40, ack 1, win 227, options [nop,nop,TS val 84248971 ecr 2876069566], length 39: SSH: SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1 7 22:04:34.006357 IP (tos 0x0, ttl 64, id 34824, offset 0, flags [DF], proto UDP (17), length 102) 20.0.0.2.43443 > 20.0.0.1.6081: [no cksum] Geneve, Flags [none], vni 0xb IP (tos 0x0, ttl 64, id 23059, offset 0, flags [DF], proto TCP (6), length 52) @@ -29,7 +29,7 @@ 8 22:04:34.006387 IP (tos 0x0, ttl 64, id 34825, offset 0, flags [DF], proto UDP (17), length 123) 20.0.0.2.43443 > 20.0.0.1.6081: [no cksum] Geneve, Flags [none], vni 0xb IP (tos 0x0, ttl 64, id 23060, offset 0, flags [DF], proto TCP (6), length 73) - 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], cksum 0xeea0 (correct), seq 1:22, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21 + 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], cksum 0xeea0 (correct), seq 1:22, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21: SSH: SSH-2.0-OpenSSH_5.3 9 22:04:34.006457 IP (tos 0x0, ttl 64, id 57276, offset 0, flags [DF], proto UDP (17), length 110) 20.0.0.1.22540 > 20.0.0.2.6081: [no cksum] Geneve, Flags [C], vni 0xa, options [class Standard (0x0) type 0x80(C) len 8 data 0000000c] IP (tos 0x0, ttl 64, id 54891, offset 0, flags [DF], proto TCP (6), length 52) diff --git a/tests/ipoib-e.out b/tests/ipoib-e.out index 4af4448c..25300838 100644 --- a/tests/ipoib-e.out +++ b/tests/ipoib-e.out 
@@ -8,7 +8,7 @@ 8 16:32:37.692912 IPOIB, ethertype IPv4 (0x0800), length 128: 192.168.56.10 > 192.168.56.24: ICMP echo request, id 6495, seq 5, length 64 9 16:32:45.050083 IPOIB, ethertype IPv4 (0x0800), length 104: 192.168.56.10.34170 > 192.168.56.24.22: Flags [SEW], seq 798232822, win 32983, options [mss 65480,sackOK,TS val 62202209 ecr 0,nop,wscale 8], length 0 10 16:32:45.050250 IPOIB, ethertype IPv4 (0x0800), length 96: 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 3051049339, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 0 - 11 16:32:45.051868 IPOIB, ethertype IPv4 (0x0800), length 122: 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 0:26, ack 1, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 26 + 11 16:32:45.051868 IPOIB, ethertype IPv4 (0x0800), length 122: 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 0:26, ack 1, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 26: SSH: SSH-2.0-OpenSSH_7.5 FIPS 12 16:32:45.062494 IPOIB, ethertype IPv4 (0x0800), length 96: 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 23, win 33232, options [nop,nop,TS val 62202210 ecr 81055], length 0 13 16:32:45.130591 IPOIB, ethertype IPv4 (0x0800), length 1160: 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 26:1090, ack 23, win 33232, options [nop,nop,TS val 62202217 ecr 81055], length 1064 14 16:32:45.158656 IPOIB, ethertype IPv4 (0x0800), length 96: 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 1087, win 33232, options [nop,nop,TS val 62202220 ecr 81064], length 0 diff --git a/tests/ipoib.out b/tests/ipoib.out index e2c720bc..a5605bf2 100644 --- a/tests/ipoib.out +++ b/tests/ipoib.out 
@@ -8,7 +8,7 @@ 8 16:32:37.692912 IP 192.168.56.10 > 192.168.56.24: ICMP echo request, id 6495, seq 5, length 64 9 16:32:45.050083 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [SEW], seq 798232822, win 32983, options [mss 65480,sackOK,TS val 62202209 ecr 0,nop,wscale 8], length 0 10 16:32:45.050250 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 3051049339, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 0 - 11 16:32:45.051868 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 0:26, ack 1, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 26 + 11 16:32:45.051868 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 0:26, ack 1, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 26: SSH: SSH-2.0-OpenSSH_7.5 FIPS 12 16:32:45.062494 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 23, win 33232, options [nop,nop,TS val 62202210 ecr 81055], length 0 13 16:32:45.130591 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 26:1090, ack 23, win 33232, options [nop,nop,TS val 62202217 ecr 81055], length 1064 14 16:32:45.158656 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 1087, win 33232, options [nop,nop,TS val 62202220 ecr 81064], length 0 diff --git a/tests/kday4.out b/tests/kday4.out index d9bcf938..b42d4f3b 100644 --- a/tests/kday4.out +++ b/tests/kday4.out 
@@ -22,7 +22,7 @@ 204.0.55.10.323 > 204.9.54.80.55936: Flags [P.], cksum 0xc9b6 (incorrect -> 0xfa70), seq 0:347, ack 4294959105, win 1040, options [nop,nop,TS val 2364757411 ecr 3084508609], length 347 RPKI-RTRv197 (unknown) 10 23:52:05.672232 IP truncated-ip - 768 bytes missing! (tos 0x10, ttl 62, id 64806, offset 0, flags [DF], proto TCP (6), length 820, bad cksum 3da6 (->3aa6)!) - 204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768 + 204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768 [|ssh] 11 17:19:33.684826 IP (tos 0x6,ECT(0), ttl 62, id 62920, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 4504 (->4524)!) 204.9.51.132.50079 > 204.243.53.80.22: Flags [.], cksum 0x858b (incorrect -> 0x85a1), ack 1, win 4092, options [nop,nop,TS val 941371913 ecr 1340592084], length 0 12 17:19:33.703499 IP (tos 0x0, ttl 64, id 63178, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 3e8c (->438c)!) diff --git a/tests/kday7.out b/tests/kday7.out index 48f4976b..8570abd1 100644 --- a/tests/kday7.out +++ b/tests/kday7.out 
@@ -22,7 +22,7 @@ 204.0.55.10.323 > 204.9.54.80.55936: Flags [P.], cksum 0xc9b6 (incorrect -> 0xfa86), seq 0:347, ack 4294959105, win 1040, options [nop,nop,TS val 2364757411 ecr 3084508609], length 347 RPKI-RTRv197 (unknown) 10 23:52:05.672232 IP truncated-ip - 768 bytes missing! (tos 0x10, ttl 62, id 64806, offset 0, flags [DF], proto TCP (6), length 820, bad cksum 3da6 (->3aa6)!) - 204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768 + 204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768 [|ssh] 11 17:19:33.684826 IP (tos 0x6,ECT(0), ttl 62, id 62920, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 4504 (->4524)!) 204.9.51.132.50079 > 204.243.53.80.22: Flags [.], cksum 0x858b (incorrect -> 0x85a1), ack 1, win 4092, options [nop,nop,TS val 941371913 ecr 1340592084], length 0 12 17:19:33.703499 IP (tos 0x0, ttl 64, id 63178, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 3e8c (->438c)!) diff --git a/tests/mptcp.out b/tests/mptcp.out index db1a1261..29bbc5ea 100644 --- a/tests/mptcp.out +++ b/tests/mptcp.out 
@@ -1,9 +1,9 @@ 1 12:56:35.701161 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [S], seq 2912457561, win 14600, options [mss 1460,sackOK,TS val 4294943152 ecr 0,nop,wscale 6,mptcp capable csum {0x9c9eabd1e46a33b2}], length 0 2 12:56:35.701661 IP 10.1.1.2.22 > 10.2.1.2.35961: Flags [S.], seq 125971326, ack 2912457562, win 14280, options [mss 1460,sackOK,TS val 4294943467 ecr 4294943152,nop,wscale 5,mptcp capable csum {0x967d2770b6960552}], length 0 3 12:56:35.702022 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [.], ack 1, win 229, options [nop,nop,TS val 4294943152 ecr 4294943467,mptcp capable csum {0x9c9eabd1e46a33b2,0x967d2770b6960552}], length 0 - 4 12:56:35.786074 IP 10.1.1.2.22 > 10.2.1.2.35961: Flags [P.], seq 1:42, ack 1, win 447, options [nop,nop,TS val 4294943474 ecr 4294943152,mptcp add-addr id 1 10.1.2.2,mptcp dss ack 3576348362 seq 3518592144 subseq 1 len 41 csum 0x82f], length 41 + 4 12:56:35.786074 IP 10.1.1.2.22 > 10.2.1.2.35961: Flags [P.], seq 1:42, ack 1, win 447, options [nop,nop,TS val 4294943474 ecr 4294943152,mptcp add-addr id 1 10.1.2.2,mptcp dss ack 3576348362 seq 3518592144 subseq 1 len 41 csum 0x82f], length 41: SSH: SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1 5 12:56:35.786240 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [.], ack 42, win 229, options [nop,nop,TS val 4294943168 ecr 4294943474,mptcp dss ack 3518592185], length 0 - 6 12:56:35.787634 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [P.], seq 1:42, ack 42, win 229, options [nop,nop,TS val 4294943168 ecr 4294943474,mptcp dss ack 3518592185 seq 3576348362 subseq 1 len 41 csum 0x45c9], length 41 + 6 12:56:35.787634 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [P.], seq 1:42, ack 42, win 229, options [nop,nop,TS val 4294943168 ecr 4294943474,mptcp dss ack 3518592185 seq 3576348362 subseq 1 len 41 csum 0x45c9], length 41: SSH: SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze2 7 12:56:35.787786 IP 10.1.1.2.22 > 10.2.1.2.35961: Flags [.], ack 42, win 447, options [nop,nop,TS val 4294943474 ecr 4294943168,mptcp dss ack 3576348403], 
length 0 8 12:56:35.788254 IP 10.2.1.2.41221 > 10.1.2.2.22: Flags [S], seq 1863826096, win 14600, options [mss 1460,sackOK,TS val 4294943168 ecr 0,nop,wscale 6,mptcp join id 0 token 0xe47f0142 nonce 0x1b665a18], length 0 9 12:56:35.788849 IP 10.1.2.2.22 > 10.2.1.2.41221: Flags [S.], seq 1704897135, ack 1863826097, win 14280, options [mss 1460,sackOK,TS val 4294943474 ecr 4294943168,nop,wscale 5,mptcp join id 1 hmac 0x5ab680c7884af03d nonce 0x33abe9d5], length 0 diff --git a/tests/ssh.out b/tests/ssh.out new file mode 100644 index 00000000..11f2c931 --- /dev/null +++ b/tests/ssh.out 
@@ -0,0 +1,54 @@ + 1 10:50:09.891237 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [S], seq 4082233688, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1948436430 ecr 0,sackOK,eol], length 0 + 2 10:50:09.916918 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [S.], seq 2455219014, ack 4082233689, win 28960, options [mss 1460,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 7], length 0 + 3 10:50:09.916972 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 1, win 4096, length 0 + 4 10:50:09.917574 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1:22, ack 1, win 4096, length 21: SSH: SSH-2.0-OpenSSH_7.8 + 5 10:50:09.944464 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 22, win 227, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0 + 6 10:50:09.945545 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 1:40, ack 22, win 227, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 39: SSH: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3 + 7 10:50:09.945615 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 40, win 4095, length 0 + 8 10:50:09.946159 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 22:1414, ack 40, win 4096, length 1392 + 9 10:50:09.966036 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 40:536, ack 22, win 227, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 496 + 10 10:50:09.966200 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 536, win 4088, length 0 + 11 10:50:10.004152 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 1414, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0 + 12 10:50:10.004222 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1414:1462, ack 536, win 4096, length 48 + 13 10:50:10.093620 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 1462, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0 + 14 
10:50:10.119320 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 536:1300, ack 1462, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 764 + 15 10:50:10.119391 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 1300, win 4084, length 0 + 16 10:50:10.123330 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1462:1478, ack 1300, win 4096, length 16 + 17 10:50:10.191751 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 1478, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0 + 18 10:50:10.191831 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1478:1522, ack 1300, win 4096, length 44 + 19 10:50:10.206243 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 1522, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0 + 20 10:50:10.207499 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 1300:1344, ack 1522, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 44 + 21 10:50:10.207571 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 1344, win 4095, length 0 + 22 10:50:10.207658 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1522:1582, ack 1344, win 4096, length 60 + 23 10:50:10.222651 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 1344:1396, ack 1582, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 52 + 24 10:50:10.222724 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 1396, win 4095, length 0 + 25 10:50:10.222884 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1582:2714, ack 1396, win 4096, length 1132 + 26 10:50:10.240953 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 1396:2488, ack 2714, win 271, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 1092 + 27 10:50:10.241024 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 2488, win 4078, length 0 + 28 10:50:10.319360 IP 
202.108.87.165.62146 > 223.132.53.222.22: Flags [.], seq 2714:4174, ack 2488, win 4096, length 1460 + 29 10:50:10.319361 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 4174:4886, ack 2488, win 4096, length 712 + 30 10:50:10.335209 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 4886, win 317, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0 + 31 10:50:10.348975 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 2488:2516, ack 4886, win 317, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 28 + 32 10:50:10.349081 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 2516, win 4095, length 0 + 33 10:50:10.349526 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 4886:4998, ack 2516, win 4096, length 112 + 34 10:50:10.363577 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 2516:2912, ack 4886, win 317, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 396 + 35 10:50:10.363713 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 2912, win 4089, length 0 + 36 10:50:10.379854 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 2912:2956, ack 4998, win 317, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 44 + 37 10:50:10.379944 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 2956, win 4095, length 0 + 38 10:50:10.380586 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 4998:5186, ack 2956, win 4096, length 188 + 39 10:50:10.397660 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 2956:3028, ack 5186, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 72 + 40 10:50:10.397833 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 3028, win 4094, length 0 + 41 10:50:10.413471 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 3028:3136, ack 5186, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 108 + 42 10:50:10.413539 IP 
202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 3136, win 4094, length 0 + 43 10:50:10.416235 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 3136:3312, ack 5186, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 176 + 44 10:50:10.416295 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 3312, win 4093, length 0 + 45 10:50:10.416417 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 5186:5222, ack 3312, win 4096, length 36 + 46 10:50:10.416417 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 5222:5282, ack 3312, win 4096, length 60 + 47 10:50:10.417744 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [F.], seq 5282, ack 3312, win 4096, length 0 + 48 10:50:10.446501 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 5186, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,sack 1 {5282:5283}], length 0 + 49 10:50:10.446622 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [FP.], seq 5186:5282, ack 3312, win 4096, length 96 + 50 10:50:10.456121 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 5222, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,sack 1 {5282:5283}], length 0 + 51 10:50:10.456127 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 5283, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0 + 52 10:50:10.456128 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [F.], seq 3312, ack 5283, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0 + 53 10:50:10.456384 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 3313, win 4096, length 0 + 54 10:50:10.466614 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 5283, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,sack 1 {5186:5283}], length 0 
diff --git a/tests/ssh.pcap b/tests/ssh.pcap new file mode 100644 index 00000000..db435c00 Binary files /dev/null and b/tests/ssh.pcap differ diff --git a/win32/prj/WinDump.dsp b/win32/prj/WinDump.dsp index 59b073f1..42ab44af 100644 --- a/win32/prj/WinDump.dsp +++ b/win32/prj/WinDump.dsp @@ -625,6 +625,10 @@ SOURCE="..\..\print-snmp.c" # End Source File # Begin Source File +SOURCE="..\..\print-ssh.c" +# End Source File +# Begin Source File + SOURCE="..\..\print-stp.c" # End Source File # Begin Source File diff --git a/win32/prj/WinDump.vcproj b/win32/prj/WinDump.vcproj index fff7b727..3c746f99 100644 --- a/win32/prj/WinDump.vcproj +++ b/win32/prj/WinDump.vcproj @@ -3174,6 +3174,28 @@ /> + + + + + + + +