hub / github.com/dreadl0ck/netcap / searchKexInit

Method searchKexInit

decoder/stream/ssh/ssh_reader.go:227–494  ·  view source on GitHub ↗
(r *bufio.Reader, dir reassembly.TCPFlowDirection)

Source from the content-addressed store, hash-verified

225}
226
227func (h *sshReader) searchKexInit(r *bufio.Reader, dir reassembly.TCPFlowDirection) {
228 dirStr := "client"
229 if dir != reassembly.TCPDirClientToServer {
230 dirStr = "server"
231 }
232
233 sshLog.Debug("searchKexInit called",
234 zap.String("ident", h.conversation.Ident),
235 zap.String("direction", dirStr),
236 zap.Bool("serverKexInitAlreadySet", h.serverKexInit != nil),
237 zap.Bool("clientKexInitAlreadySet", h.clientKexInit != nil),
238 )
239
240 if h.serverKexInit != nil && h.clientKexInit != nil {
241 sshLog.Debug("Both KexInit already set, skipping",
242 zap.String("ident", h.conversation.Ident),
243 )
244 return
245 }
246
247 data, err := ioutil.ReadAll(r)
248 if err != nil && !errors.Is(err, io.EOF) {
249 sshLog.Warn("Failed to read data from buffer",
250 zap.String("ident", h.conversation.Ident),
251 zap.String("direction", dirStr),
252 zap.Error(err),
253 )
254 fmt.Println(err)
255
256 return
257 }
258 // fmt.Println(dir, len(data), "\n", hex.Dump(data))
259
260 if len(data) == 0 {
261 sshLog.Debug("No data to parse",
262 zap.String("ident", h.conversation.Ident),
263 zap.String("direction", dirStr),
264 )
265 return
266 }
267
268 sshLog.Debug("Read data from buffer",
269 zap.String("ident", h.conversation.Ident),
270 zap.String("direction", dirStr),
271 zap.Int("dataLen", len(data)),
272 )
273
274 // length of the ident if it was found
275 offset := 0
276
277 if h.clientIdent == "" || h.serverIdent == "" { // read the SSH ident from the buffer
278 sshLog.Debug("Parsing SSH ident",
279 zap.String("ident", h.conversation.Ident),
280 zap.String("direction", dirStr),
281 )
282
283 var (
284 br = bytes.NewReader(data)

Callers 1

DecodeMethod · 0.95

Calls 15

processSSHIdentMethod · 0.95
ReverseFlowIdentFunction · 0.92
UnmarshalFunction · 0.85
buildAlgorithmsStringFunction · 0.85
extractSoftwareVersionFunction · 0.85
guessOSFunction · 0.85
hasWeakKexFunction · 0.85
hasWeakCipherFunction · 0.85
hasWeakMACFunction · 0.85
BoolMethod · 0.80
IntMethod · 0.80
Uint32Method · 0.80

Tested by

no test coverage detected