PcapPlusPlus
24.09
|
#include <SSHLayer.h>
Classes | |
struct | ssh_message_base |
Public Types | |
enum | SSHHandshakeMessageType { SSH_MSG_KEX_INIT = 20 , SSH_MSG_NEW_KEYS = 21 , SSH_MSG_KEX_DH_INIT = 30 , SSH_MSG_KEX_DH_REPLY = 31 , SSH_MSG_KEX_DH_GEX_INIT = 32 , SSH_MSG_KEX_DH_GEX_REPLY = 33 , SSH_MSG_KEX_DH_GEX_REQUEST = 34 , SSH_MSG_UNKNOWN = 999 } |
Public Member Functions | |
SSHHandshakeMessageType | getMessageType () const |
std::string | getMessageTypeStr () const |
uint8_t * | getSSHHandshakeMessage () const |
size_t | getSSHHandshakeMessageLength () const |
size_t | getPaddingLength () const |
size_t | getHeaderLen () const |
std::string | toString () const |
Public Member Functions inherited from pcpp::SSHLayer | |
void | parseNextLayer () |
void | computeCalculateFields () |
OsiModelLayer | getOsiModelLayer () const |
Public Member Functions inherited from pcpp::Layer | |
virtual | ~Layer () |
Layer * | getNextLayer () const |
Layer * | getPrevLayer () const |
ProtocolType | getProtocol () const |
bool | isMemberOfProtocolFamily (ProtocolTypeFamily protocolTypeFamily) const |
uint8_t * | getData () const |
size_t | getDataLen () const |
uint8_t * | getLayerPayload () const |
size_t | getLayerPayloadSize () const |
bool | isAllocatedToPacket () const |
void | copyData (uint8_t *toArr) const |
uint8_t * | getDataPtr (size_t offset=0) const |
Static Public Member Functions | |
static SSHHandshakeMessage * | tryParse (uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet) |
Static Public Member Functions inherited from pcpp::SSHLayer | |
static SSHLayer * | createSSHMessage (uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet) |
static bool | isSSHPort (uint16_t portSrc, uint16_t portDst) |
A class representing all of the non-encrypted SSH handshake messages. An handshake message typically has the following structure:
0 1 2 3 4 5 6 +---------+---------+---------+---------+---------+---------+----------- ---------+ | Packet Length | Padding | Message | Message .... Padding | | | Length | Type | Content .... | +---------------------------------------+---------+---------+----------- ---------+
The first 4 bytes hold the packet length, followed by 1 byte that holds the padding length (which comes at the end of the message), then 1 byte that holds the message type (which can be of type SSHHandshakeMessage::SSHHandshakeMessageType) and then the message content. At the end of the content there is typically padding.
This class provides access to all of these values. The message content itself is not parse with the exception of SSHKeyExchangeInitMessage which inherits from this class and provides parsing of the Key Exchange Init message.
An enum that represents SSH non-encrypted message types
|
virtual |
Implements pcpp::Layer.
SSHHandshakeMessageType pcpp::SSHHandshakeMessage::getMessageType | ( | ) | const |
std::string pcpp::SSHHandshakeMessage::getMessageTypeStr | ( | ) | const |
size_t pcpp::SSHHandshakeMessage::getPaddingLength | ( | ) | const |
uint8_t* pcpp::SSHHandshakeMessage::getSSHHandshakeMessage | ( | ) | const |
size_t pcpp::SSHHandshakeMessage::getSSHHandshakeMessageLength | ( | ) | const |
|
virtual |
Implements pcpp::Layer.
|
static |
A static method that takes raw packet data and uses some heuristics described in the SSHLayer.h file description to parse it as SSH handshake message instance
[in] | data | A pointer to the raw data |
[in] | dataLen | Size of the data in bytes |
[in] | prevLayer | A pointer to the previous layer |
[in] | packet | A pointer to the Packet instance where layer will be stored in |