Open-Source Software Engineering (Fall 2019)

This page collects information about the Wireshark project in CS 5152 (Fall 2019) - Open-Source Software Engineering.

Course description: https://www.cs.cornell.edu/courses/cs5152/2019fa/

Tracking bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16054

Project description

Mentor: Peter Wu

Team Size: 4-5

Summary: Add decryption support to the SSH dissector.

Description: Wireshark is an open-source network protocol analyzer. It is used in education to provide a visual and practical understanding of networking concepts, and in industry for network-related troubleshooting and to facilitate development of new products and standards.

As more and more network traffic is encrypted, decryption is required to enable users to achieve an optimal understanding of application behavior. Wireshark is able to decrypt several protocols, including TLS, QUIC, and WireGuard. Decryption does require additional key material to be extracted from applications; see the previously linked protocol pages for examples.

The Secure Shell (SSH) protocol is commonly used for managing remote systems, ranging from a Raspberry Pi to a global fleet of servers. OpenSSH is the most popular implementation, while Dropbear is a smaller implementation that is found in some routers.

Wireshark has basic support for dissection of SSH protocol messages. However, most of the interesting details (commands, input/output, file transfers) are present in the encrypted fields.

Tasks:

If time permits, one could add even more functionality:

Skills: You will learn about:

Timeline

Ideas

The above project description is a proposal, but feel free to make other suggestions. This is an open-source project anyway :-)

There are many places where people can help. For inspiration:

Some examples:

OpenSourceSoftwareEngineeringFall2019 (last edited 2019-09-15 16:11:57 by PeterWu)