[
https://bro-tracker.atlassian.net/browse/BIT-1344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20115#comment-20115
]
Vlad Grigorescu commented on BIT-1344:
--------------------------------------
I committed a change to register the analyzer on 22/tcp.
There's still one regression in the private test suite - an SSH connection no
longer gets identified as such. This is because there are TCP gaps, and the new
analyzer follows the style of other BinPAC analyzers that don't try to parse
when there's a gap. Because we're now doing actual parsing on the packets, I'd
rather keep the strict behavior in place - the chances of parsing succeeding if
there's a gap in the cleartext portion of the protocol are slim.
> New SSH Analyzer
> ----------------
>
> Key: BIT-1344
> URL: https://bro-tracker.atlassian.net/browse/BIT-1344
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: Bro
> Affects Versions: 2.4
> Reporter: Vlad Grigorescu
> Assignee: Vlad Grigorescu
>
> The SSH analyzer was rewritten from scratch in topic/vladg/ssh.
--
This message was sent by Atlassian JIRA
(v6.4-OD-16-005#64014)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
