[Bro-Dev] [JIRA] (BIT-1344) New SSH Analyzer

Vlad Grigorescu (JIRA) jira at bro-tracker.atlassian.net
Wed Mar 25 09:57:01 PDT 2015

    [ https://bro-tracker.atlassian.net/browse/BIT-1344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20115#comment-20115 ] 

Vlad Grigorescu commented on BIT-1344:

I committed a change to register the analyzer on 22/tcp.

There's still one regression in the private test suite - an SSH connection no longer gets identified as such. This is because there are TCP gaps, and the new analyzer follows the style of other BinPAC analyzers that don't try to parse when there's a gap. Because we're now doing actual parsing on the packets, I'd rather keep the strict behavior in place - the chances of parsing succeeding if there's a gap in the cleartext portion of the protocol are slim.

> New SSH Analyzer
> ----------------
>                 Key: BIT-1344
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1344
>             Project: Bro Issue Tracker
>          Issue Type: Improvement
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Vlad Grigorescu
>            Assignee: Vlad Grigorescu
> The SSH analyzer was rewritten from scratch in topic/vladg/ssh.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list