cancel
Showing results for 
Search instead for 
Did you mean: 
feickholt
Level 10

Detect SSH in SSL Tunnel

Is it possible to detect a SSH Session in a SSL Tunnel using SSL Intercept?

Is there any chance to define rules looking into the payload to detect an SSH handshake?

Or can I only use the destination port (Port 22) for detection? This won't help if SSH is moved to another port (maybe port 80)...

Frank

0 Kudos
3 Replies
McAfee Employee

Re: Detect SSH in SSL Tunnel

Hello,

only via port. We can detect SSH in Socks though.

Michael

0 Kudos
feickholt
Level 10

Re: Detect SSH in SSL Tunnel

Using socks? Also  using port? Or is it possible to user ProtocolDetector.DetectedProtocol ?

0 Kudos
McAfee Employee

Re: Detect SSH in SSL Tunnel

Using the protocol detector. If ProtcolDetector.DetectedProtocol equals SSH....

0 Kudos