PcapPlusPlus  Next
Classes | Public Types | Public Member Functions | Static Public Member Functions | List of all members
pcpp::SSHHandshakeMessage Class Reference

#include <SSHLayer.h>

Inheritance diagram for pcpp::SSHHandshakeMessage:
pcpp::SSHLayer pcpp::Layer pcpp::IDataContainer pcpp::SSHKeyExchangeInitMessage

Classes

struct  ssh_message_base
 An internal struct representing the SSH handshake message header. More...
 

Public Types

enum  SSHHandshakeMessageType {
  SSH_MSG_KEX_INIT = 20 , SSH_MSG_NEW_KEYS = 21 , SSH_MSG_KEX_DH_INIT = 30 , SSH_MSG_KEX_DH_REPLY = 31 ,
  SSH_MSG_KEX_DH_GEX_INIT = 32 , SSH_MSG_KEX_DH_GEX_REPLY = 33 , SSH_MSG_KEX_DH_GEX_REQUEST = 34 , SSH_MSG_UNKNOWN = 999
}
 An enum that represents SSH non-encrypted message types. More...
 

Public Member Functions

SSHHandshakeMessageType getMessageType () const
 
std::string getMessageTypeStr () const
 
uint8_t * getSSHHandshakeMessage () const
 
size_t getSSHHandshakeMessageLength () const
 
size_t getPaddingLength () const
 
size_t getHeaderLen () const override
 
std::string toString () const override
 
- Public Member Functions inherited from pcpp::SSHLayer
void parseNextLayer () override
 
void computeCalculateFields () override
 Does nothing for this layer.
 
OsiModelLayer getOsiModelLayer () const override
 
- Public Member Functions inherited from pcpp::Layer
 ~Layer () override
 
LayergetNextLayer () const
 
LayergetPrevLayer () const
 
ProtocolType getProtocol () const
 
bool isMemberOfProtocolFamily (ProtocolTypeFamily protocolTypeFamily) const
 
uint8_t * getData () const
 
size_t getDataLen () const
 
uint8_t * getLayerPayload () const
 
size_t getLayerPayloadSize () const
 
bool isAllocatedToPacket () const
 
void copyData (uint8_t *toArr) const
 
uint8_t * getDataPtr (size_t offset=0) const override
 

Static Public Member Functions

static SSHHandshakeMessagetryParse (uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
 
- Static Public Member Functions inherited from pcpp::SSHLayer
static SSHLayercreateSSHMessage (uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
 
static bool isSSHPort (uint16_t portSrc, uint16_t portDst)
 

Additional Inherited Members

- Protected Member Functions inherited from pcpp::Layer
PacketgetAttachedPacket ()
 Get a pointer to the Packet this layer is attached to (if any). More...
 
Packet const * getAttachedPacket () const
 Get a pointer to the Packet this layer is attached to (if any). More...
 
template<typename T , typename... Args>
LayerconstructNextLayer (uint8_t *data, size_t dataLen, Args &&... extraArgs)
 Construct the next layer in the protocol stack. No validation is performed on the data. More...
 
template<typename T , typename... Args>
LayerconstructNextLayer (uint8_t *data, size_t dataLen, Packet *packet, Args &&... extraArgs)
 
template<typename TFactory , typename... Args>
LayerconstructNextLayerFromFactory (TFactory factoryFn, uint8_t *data, size_t dataLen, Args &&... extraArgs)
 Construct the next layer in the protocol stack using a factory functor. More...
 
template<typename TFactory , typename... Args>
LayerconstructNextLayerFromFactory (TFactory factoryFn, uint8_t *data, size_t dataLen, Packet *packet, Args &&... extraArgs)
 Construct the next layer in the protocol stack using a factory functor. More...
 
template<typename T , typename... Args>
LayertryConstructNextLayer (uint8_t *data, size_t dataLen, Args &&... extraArgs)
 
template<typename T , typename... Args>
LayertryConstructNextLayer (uint8_t *data, size_t dataLen, Packet *packet, Args &&... extraArgs)
 
template<typename T , typename TFallback , typename... Args>
LayertryConstructNextLayerWithFallback (uint8_t *data, size_t dataLen, Args &&... extraArgs)
 Try to construct the next layer in the protocol stack with a fallback option. More...
 
template<typename T , typename TFallback , typename... Args>
LayertryConstructNextLayerWithFallback (uint8_t *data, size_t dataLen, Packet *packet, Args &&... extraArgs)
 
template<typename TFallback , typename TFactory , typename... Args>
LayertryConstructNextLayerFromFactoryWithFallback (TFactory factoryFn, uint8_t *data, size_t dataLen, Args &&... extraArgs)
 Try to construct the next layer in the protocol stack using a factory functor with a fallback option. More...
 
template<typename TFallback , typename TFactory , typename... Args>
LayertryConstructNextLayerFromFactoryWithFallback (TFactory factoryFn, uint8_t *data, size_t dataLen, Packet *packet, Args &&... extraArgs)
 Try to construct the next layer in the protocol stack using a factory functor with a fallback option. More...
 
- Static Protected Member Functions inherited from pcpp::Layer
template<typename T >
static bool canReinterpretAs (const uint8_t *data, size_t dataLen)
 Check if the data is large enough to reinterpret as a type. More...
 

Detailed Description

A class representing all of the non-encrypted SSH handshake messages. An handshake message typically has the following structure:

0 1 2 3 4 5 6
+---------+---------+---------+---------+---------+---------+----------- ---------+
| Packet Length | Padding | Message | Message .... Padding |
| | Length | Type | Content .... |
+---------------------------------------+---------+---------+----------- ---------+

The first 4 bytes hold the packet length, followed by 1 byte that holds the padding length (which comes at the end of the message), then 1 byte that holds the message type (which can be of type SSHHandshakeMessage::SSHHandshakeMessageType) and then the message content. At the end of the content there is typically padding.

This class provides access to all of these values. The message content itself is not parse with the exception of SSHKeyExchangeInitMessage which inherits from this class and provides parsing of the Key Exchange Init message.

Member Enumeration Documentation

◆ SSHHandshakeMessageType

enum pcpp::SSHHandshakeMessage::SSHHandshakeMessageType

An enum that represents SSH non-encrypted message types.

Enumerator
SSH_MSG_KEX_INIT 

Key Exchange Init message.

SSH_MSG_NEW_KEYS 

New Keys message.

SSH_MSG_KEX_DH_INIT 

Diffie-Hellman Key Exchange Init message.

SSH_MSG_KEX_DH_REPLY 

message

SSH_MSG_KEX_DH_GEX_INIT 

Diffie-Hellman Group Exchange Init message.

SSH_MSG_KEX_DH_GEX_REPLY 

"Diffie-Hellman Group Exchange Reply message

SSH_MSG_KEX_DH_GEX_REQUEST 

Diffie-Hellman Group Exchange Request message.

SSH_MSG_UNKNOWN 

Unknown message.

Member Function Documentation

◆ getHeaderLen()

size_t pcpp::SSHHandshakeMessage::getHeaderLen ( ) const
overridevirtual
Returns
The size of the SSH handshake message including the padding and message header

Implements pcpp::Layer.

◆ getMessageType()

SSHHandshakeMessageType pcpp::SSHHandshakeMessage::getMessageType ( ) const
Returns
The message type

◆ getMessageTypeStr()

std::string pcpp::SSHHandshakeMessage::getMessageTypeStr ( ) const
Returns
A string representation of the message type

◆ getPaddingLength()

size_t pcpp::SSHHandshakeMessage::getPaddingLength ( ) const
Returns
The padding length in [bytes]

◆ getSSHHandshakeMessage()

uint8_t* pcpp::SSHHandshakeMessage::getSSHHandshakeMessage ( ) const
Returns
A raw byte stream of the message content

◆ getSSHHandshakeMessageLength()

size_t pcpp::SSHHandshakeMessage::getSSHHandshakeMessageLength ( ) const
Returns
The message content length in [bytes] which is calculated by the overall packet length minus the message header (which includes packet length, padding length and message type) and minus the padding bytes

◆ toString()

std::string pcpp::SSHHandshakeMessage::toString ( ) const
overridevirtual
Returns
A string representation of the layer most important data (should look like the layer description in Wireshark)

Implements pcpp::Layer.

◆ tryParse()

static SSHHandshakeMessage* pcpp::SSHHandshakeMessage::tryParse ( uint8_t *  data,
size_t  dataLen,
Layer prevLayer,
Packet packet 
)
static

A static method that takes raw packet data and uses some heuristics described in the SSHLayer.h file description to parse it as SSH handshake message instance

Parameters
[in]dataA pointer to the raw data
[in]dataLenSize of the data in bytes
[in]prevLayerA pointer to the previous layer
[in]packetA pointer to the Packet instance where layer will be stored in
Returns
Upon successful parsing the return value would be an instance of SSHKeyExchangeInitMessage for Key Exchange Init message or SSHHandshakeMessage for any other message type. If parsing fails nullptr will be returned