ssh allows you to make a local port N represent a remote socket X:Y, you then tell your application to connect to localhost:N instead of X:Y (which is inaccessible directly), and you have to capture at the loopback interface to analyze the tcp session using the tunnel. If my guess is correct, you'll have to capture on the loopback interface. If I am mistaken and you only cannot see "TCP" and its summary information in the "Info" column in packet list, simply disable SSH dissection ( Analyze -> Enabled Protocols, write "ssh" into the search field at the bottom left of the window which pops up, untick the checkbox next to SSH in the pane above, and click OK) and all your SSH packets will be shown as plain TCP ones.
If I understand your problem properly, you actually need to analyse a tcp session tunnelled through ssh, because the tcp headers (port numbers, window size etc.) of the tcp session carrying the ssh session itself are not encrypted.
0 kommentar(er)
