From 6966e0d19b389f78c97f55ab3b2318a5cda41e08 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Wed, 11 Sep 2019 17:13:49 +0200
Subject: Added STUN check to avoid false positives Added fingerprint comments in SSH/TLS Added netflow test pcap
---
 src/lib/protocols/ssh.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'src/lib/protocols/ssh.c')
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c
index de3b93bc2..5dd6fb0e5 100644
--- a/src/lib/protocols/ssh.c
+++ b/src/lib/protocols/ssh.c
@@ -39,14 +39,19 @@
 seastc = packet.ssh.encryption_algorithms_server_to_client
 smastc = packet.ssh.mac_algorithms_server_to_client
 scastc = packet.ssh.compression_algorithms_server_to_client
- hasshs_str = ';'.join([skex, seastc, smastc, scastc])
+ hasshs_str = ';'.join([skex, seastc, smastc, scastc])
 [client]
 ckex = packet.ssh.kex_algorithms
 ceacts = packet.ssh.encryption_algorithms_client_to_server
 cmacts = packet.ssh.mac_algorithms_client_to_server
 ccacts = packet.ssh.compression_algorithms_client_to_server
- hassh_str = ';'.join([ckex, ceacts, cmacts, ccacts])
+ hassh_str = ';'.join([ckex, ceacts, cmacts, ccacts])
+
+ NOTE
+ THe ECDSA key fingerprint is SHA256 -> ssh.kex.h_sig (wireshark)
+ is in the Message Code: Diffie-Hellman Key Exchange Reply (31)
+ that usually is packet 14
 */
 /* #define SSH_DEBUG 1 */
-- 
cgit v1.2.3
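Review bot: The added NOTE in the hunk's comment block equates the ECDSA host-key fingerprint with `ssh.kex.h_sig`, which looks wrong: as far as I know that Wireshark field is the signature over the exchange hash H, which differs in every session and so cannot serve as a stable server fingerprint. The fingerprint is the SHA256 of the host key blob carried in the same Key Exchange Reply (message code 31). "usually is packet 14" also depends on the capture (TCP handshake, segmentation, banner timing), so anyone implementing from this comment should locate the message by its code rather than by packet position. I would reword to `NOTE: the host key fingerprint is SHA256 of the host key blob in the Key Exchange Reply (message code 31); ssh.kex.h_sig in that message is the per-session signature, not the fingerprint` and fix the "THe" typo. The comment block opens before the hunk, so its header is not visible here.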