If my guess is correct, you'll have to capture on the loopback interface. If I am mistaken and you only cannot see "TCP" and its summary information in the "Info" column in packet list, simply disable SSH dissection ( Analyze -> Enabled Protocols, write "ssh" into the search field at the bottom left of the window which pops up, untick the checkbox next to SSH in the pane above, and click OK) and all your SSH packets will be shown as plain TCP ones. If I understand your problem properly, you actually need to analyse a tcp session tunnelled through ssh, because the tcp headers (port numbers, window size etc.) of the tcp session carrying the ssh session itself are not encrypted.
0 Comments
Leave a Reply. |