19 files changed, 204 insertions, 11 deletions

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 97c0bfed..76d6734f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1070,6 +1070,7 @@ set(NETDISSECT_SOURCE_LIST_C
     print-slow.c
     print-smtp.c
     print-snmp.c
+    print-ssh.c
     print-stp.c
     print-sunatm.c
     print-sunrpc.c
diff --git a/Makefile.in b/Makefile.in
index 3e6ed01b..7af5663a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -213,6 +213,7 @@ LIBNETDISSECT_SRC=\
 	print-slow.c \
 	print-smtp.c \
 	print-snmp.c \
+	print-ssh.c \
 	print-stp.c \
 	print-sunatm.c \
 	print-sunrpc.c \
diff --git a/netdissect.h b/netdissect.h
index ca42421b..9dab0f0e 100644
--- a/netdissect.h
+++ b/netdissect.h
@@ -689,6 +689,7 @@ extern void rtsp_print(netdissect_options *, const u_char *, u_int);
 extern void rx_print(netdissect_options *, const u_char *, u_int, u_int, u_int, const u_char *);
 extern void sctp_print(netdissect_options *, const u_char *, const u_char *, u_int);
 extern void sflow_print(netdissect_options *, const u_char *, u_int);
+extern void ssh_print(netdissect_options *, const u_char *, u_int);
 extern void sip_print(netdissect_options *, const u_char *, u_int);
 extern void slow_print(netdissect_options *, const u_char *, u_int);
 extern void smb_data_print(netdissect_options *, const u_char *, u_int);
diff --git a/print-ssh.c b/print-ssh.c
new file mode 100644
index 00000000..0126bd0e
--- /dev/null
+++ b/print-ssh.c
@@ -0,0 +1,102 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code
+ * distributions retain the above copyright notice and this paragraph
+ * in its entirety, and (2) distributions including binary code include
+ * the above copyright notice and this paragraph in its entirety in
+ * the documentation or other materials provided with the distribution.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
+ * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
+ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE.
+ */
+
+/* \summary: Secure Shell (SSH) printer */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "netdissect-stdinc.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "netdissect.h"
+#include "extract.h"
+
+static int
+ssh_print_version(netdissect_options *ndo, const u_char *pptr, u_int len)
+{
+	u_int idx = 0;
+	const char *pnp;
+
+	if ( GET_U_1(pptr+idx) != 'S' )
+		return 0;
+	idx++;
+	if ( GET_U_1(pptr+idx) != 'S' )
+		return 0;
+	idx++;
+	if ( GET_U_1(pptr+idx) != 'H' )
+		return 0;
+	idx++;
+	if ( GET_U_1(pptr+idx) != '-' )
+		return 0;
+	idx++;
+
+	while (idx < len) {
+		if (GET_U_1(pptr + idx) == '\n') {
+			/*
+			 * LF without CR; end of line.
+			 * Skip the LF and print the line, with the
+			 * exception of the LF.
+			 */
+			goto print;
+		} else if (GET_U_1(pptr + idx) == '\r') {
+			/* CR - any LF? */
+			if ((idx+1) >= len) {
+				/* not in this packet */
+				goto trunc;
+			}
+			if (GET_U_1(pptr + idx + 1) == '\n') {
+				/*
+				 * CR-LF; end of line.
+				 * Skip the CR-LF and print the line, with
+				 * the exception of the CR-LF.
+				 */
+				goto print;
+			}
+
+			/*
+			 * CR followed by something else; treat this as
+			 * if it were binary data and don't print it.
+			 */
+			goto trunc;
+		} else if (!isascii(GET_U_1(pptr + idx)) ||
+			   !isprint(GET_U_1(pptr + idx)) ) {
+			/*
+			 * Not a printable ASCII character; treat this
+			 * as if it were binary data and don't print it.
+			 */
+			goto trunc;
+		}
+		idx++;
+	}
+trunc:
+	return -1;
+print:
+	ND_PRINT(": ");
+	/* Capitalize the protocol name */
+	for (pnp = ndo->ndo_protocol; *pnp != '\0'; pnp++)
+		ND_PRINT("%c", ND_TOUPPER((u_char)*pnp));
+	ND_PRINT(": %.*s", (int)idx, pptr);
+	return idx;
+}
+
+void
+ssh_print(netdissect_options *ndo, const u_char *pptr, u_int len)
+{
+	ndo->ndo_protocol = "ssh";
+
+	ssh_print_version(ndo, pptr, len);
+}
diff --git a/print-tcp.c b/print-tcp.c
index 4f95e334..c0a21b98 100644
--- a/print-tcp.c
+++ b/print-tcp.c
@@ -721,6 +721,8 @@ tcp_print(netdissect_options *ndo,
                 pptp_print(ndo, bp);
         else if (IS_SRC_OR_DST_PORT(REDIS_PORT))
                 resp_print(ndo, bp, length);
+        else if (IS_SRC_OR_DST_PORT(SSH_PORT))
+                ssh_print(ndo, bp, length);
 #ifdef ENABLE_SMB
         else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT))
                 nbt_tcp_print(ndo, bp, length);
diff --git a/tcp.h b/tcp.h
index 3f455d9d..491157b0 100644
--- a/tcp.h
+++ b/tcp.h
@@ -94,6 +94,9 @@ struct tcphdr {
 #ifndef FTP_PORT
 #define FTP_PORT		21
 #endif
+#ifndef SSH_PORT
+#define SSH_PORT		22
+#endif
 #ifndef TELNET_PORT
 #define TELNET_PORT		23
 #endif
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 0813f6db..d7294e08 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -627,6 +627,9 @@ rx_ubik-oobr		rx_ubik-oobr.pcap		rx_ubik-oobr.out -c1
 rtp-seg-fault-1  rtp-seg-fault-1.pcapng  rtp-seg-fault-1.out  -v -T rtp
 rtp-seg-fault-2  rtp-seg-fault-2.pcapng  rtp-seg-fault-2.out  -v -T rtp
 
+# SSH tests
+ssh			ssh.pcap		ssh.out
+
 # NFS tests
 nfs-write-verf-cookie nfs-write-verf-cookie.pcapng nfs-write-verf-cookie.out -vv
 
diff --git a/tests/geneve-tcp.out b/tests/geneve-tcp.out
index efb6ebbb..8b33673b 100644
--- a/tests/geneve-tcp.out
+++ b/tests/geneve-tcp.out
@@ -1,9 +1,9 @@
     1  22:04:33.999279 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [S], seq 397610159, win 14600, options [mss 1460,sackOK,TS val 2876069566 ecr 0,nop,wscale 7], length 0
     2  22:04:33.999327 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 30.0.0.1.22 > 30.0.0.2.51225: Flags [S.], seq 2910871522, ack 397610160, win 28960, options [mss 1460,sackOK,TS val 84248969 ecr 2876069566,nop,wscale 7], length 0
     3  22:04:33.999513 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [.], ack 1, win 115, options [nop,nop,TS val 2876069566 ecr 84248969], length 0
-    4  22:04:34.006164 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 30.0.0.1.22 > 30.0.0.2.51225: Flags [P.], seq 1:40, ack 1, win 227, options [nop,nop,TS val 84248971 ecr 2876069566], length 39
+    4  22:04:34.006164 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 30.0.0.1.22 > 30.0.0.2.51225: Flags [P.], seq 1:40, ack 1, win 227, options [nop,nop,TS val 84248971 ecr 2876069566], length 39: SSH: SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
     5  22:04:34.006357 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [.], ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 0
-    6  22:04:34.006387 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 1:22, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21
+    6  22:04:34.006387 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 1:22, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21: SSH: SSH-2.0-OpenSSH_5.3
     7  22:04:34.006457 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 30.0.0.1.22 > 30.0.0.2.51225: Flags [.], ack 22, win 227, options [nop,nop,TS val 84248971 ecr 2876069573], length 0
     8  22:04:34.006523 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 22:814, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 792
     9  22:04:34.006560 IP 20.0.0.1.22540 > 20.0.0.2.6081: Geneve, Flags [C], vni 0xa, options [8 bytes]: IP 30.0.0.1.22 > 30.0.0.2.51225: Flags [.], ack 814, win 239, options [nop,nop,TS val 84248971 ecr 2876069573], length 0
diff --git a/tests/geneve-vni.out b/tests/geneve-vni.out
index 6fcebed6..c5b6c9e6 100644
--- a/tests/geneve-vni.out
+++ b/tests/geneve-vni.out
@@ -2,7 +2,7 @@
     2  22:04:33.999279 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [S], seq 397610159, win 14600, options [mss 1460,sackOK,TS val 2876069566 ecr 0,nop,wscale 7], length 0
     3  22:04:33.999513 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [.], ack 2910871523, win 115, options [nop,nop,TS val 2876069566 ecr 84248969], length 0
     4  22:04:34.006357 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [.], ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 0
-    5  22:04:34.006387 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 0:21, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21
+    5  22:04:34.006387 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 0:21, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21: SSH: SSH-2.0-OpenSSH_5.3
     6  22:04:34.006523 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 21:813, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 792
     7  22:04:34.007397 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 813:837, ack 1024, win 130, options [nop,nop,TS val 2876069574 ecr 84248971], length 24
     8  22:04:34.010470 IP 20.0.0.2.43443 > 20.0.0.1.6081: Geneve, Flags [none], vni 0xb: IP 30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], seq 837:981, ack 1176, win 145, options [nop,nop,TS val 2876069577 ecr 84248972], length 144
diff --git a/tests/geneve-vv.out b/tests/geneve-vv.out
index d749f040..d19ec4d5 100644
--- a/tests/geneve-vv.out
+++ b/tests/geneve-vv.out
@@ -21,7 +21,7 @@
     6  22:04:34.006164 IP (tos 0x0, ttl 64, id 57275, offset 0, flags [DF], proto UDP (17), length 149)
     20.0.0.1.22540 > 20.0.0.2.6081: [no cksum] Geneve, Flags [C], vni 0xa, options [class Standard (0x0) type 0x80(C) len 8 data 0000000c]
 	IP (tos 0x0, ttl 64, id 54890, offset 0, flags [DF], proto TCP (6), length 91)
-    30.0.0.1.22 > 30.0.0.2.51225: Flags [P.], cksum 0xf103 (correct), seq 1:40, ack 1, win 227, options [nop,nop,TS val 84248971 ecr 2876069566], length 39
+    30.0.0.1.22 > 30.0.0.2.51225: Flags [P.], cksum 0xf103 (correct), seq 1:40, ack 1, win 227, options [nop,nop,TS val 84248971 ecr 2876069566], length 39: SSH: SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
     7  22:04:34.006357 IP (tos 0x0, ttl 64, id 34824, offset 0, flags [DF], proto UDP (17), length 102)
     20.0.0.2.43443 > 20.0.0.1.6081: [no cksum] Geneve, Flags [none], vni 0xb
 	IP (tos 0x0, ttl 64, id 23059, offset 0, flags [DF], proto TCP (6), length 52)
@@ -29,7 +29,7 @@
     8  22:04:34.006387 IP (tos 0x0, ttl 64, id 34825, offset 0, flags [DF], proto UDP (17), length 123)
     20.0.0.2.43443 > 20.0.0.1.6081: [no cksum] Geneve, Flags [none], vni 0xb
 	IP (tos 0x0, ttl 64, id 23060, offset 0, flags [DF], proto TCP (6), length 73)
-    30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], cksum 0xeea0 (correct), seq 1:22, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21
+    30.0.0.2.51225 > 30.0.0.1.22: Flags [P.], cksum 0xeea0 (correct), seq 1:22, ack 40, win 115, options [nop,nop,TS val 2876069573 ecr 84248971], length 21: SSH: SSH-2.0-OpenSSH_5.3
     9  22:04:34.006457 IP (tos 0x0, ttl 64, id 57276, offset 0, flags [DF], proto UDP (17), length 110)
     20.0.0.1.22540 > 20.0.0.2.6081: [no cksum] Geneve, Flags [C], vni 0xa, options [class Standard (0x0) type 0x80(C) len 8 data 0000000c]
 	IP (tos 0x0, ttl 64, id 54891, offset 0, flags [DF], proto TCP (6), length 52)
diff --git a/tests/ipoib-e.out b/tests/ipoib-e.out
index 4af4448c..25300838 100644
--- a/tests/ipoib-e.out
+++ b/tests/ipoib-e.out
@@ -8,7 +8,7 @@
     8  16:32:37.692912 IPOIB, ethertype IPv4 (0x0800), length 128: 192.168.56.10 > 192.168.56.24: ICMP echo request, id 6495, seq 5, length 64
     9  16:32:45.050083 IPOIB, ethertype IPv4 (0x0800), length 104: 192.168.56.10.34170 > 192.168.56.24.22: Flags [SEW], seq 798232822, win 32983, options [mss 65480,sackOK,TS val 62202209 ecr 0,nop,wscale 8], length 0
    10  16:32:45.050250 IPOIB, ethertype IPv4 (0x0800), length 96: 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 3051049339, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 0
-   11  16:32:45.051868 IPOIB, ethertype IPv4 (0x0800), length 122: 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 0:26, ack 1, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 26
+   11  16:32:45.051868 IPOIB, ethertype IPv4 (0x0800), length 122: 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 0:26, ack 1, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 26: SSH: SSH-2.0-OpenSSH_7.5 FIPS
    12  16:32:45.062494 IPOIB, ethertype IPv4 (0x0800), length 96: 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 23, win 33232, options [nop,nop,TS val 62202210 ecr 81055], length 0
    13  16:32:45.130591 IPOIB, ethertype IPv4 (0x0800), length 1160: 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 26:1090, ack 23, win 33232, options [nop,nop,TS val 62202217 ecr 81055], length 1064
    14  16:32:45.158656 IPOIB, ethertype IPv4 (0x0800), length 96: 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 1087, win 33232, options [nop,nop,TS val 62202220 ecr 81064], length 0
diff --git a/tests/ipoib.out b/tests/ipoib.out
index e2c720bc..a5605bf2 100644
--- a/tests/ipoib.out
+++ b/tests/ipoib.out
@@ -8,7 +8,7 @@
     8  16:32:37.692912 IP 192.168.56.10 > 192.168.56.24: ICMP echo request, id 6495, seq 5, length 64
     9  16:32:45.050083 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [SEW], seq 798232822, win 32983, options [mss 65480,sackOK,TS val 62202209 ecr 0,nop,wscale 8], length 0
    10  16:32:45.050250 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 3051049339, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 0
-   11  16:32:45.051868 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 0:26, ack 1, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 26
+   11  16:32:45.051868 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 0:26, ack 1, win 33232, options [nop,nop,TS val 62202209 ecr 81054], length 26: SSH: SSH-2.0-OpenSSH_7.5 FIPS
    12  16:32:45.062494 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 23, win 33232, options [nop,nop,TS val 62202210 ecr 81055], length 0
    13  16:32:45.130591 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [P.], seq 26:1090, ack 23, win 33232, options [nop,nop,TS val 62202217 ecr 81055], length 1064
    14  16:32:45.158656 IP 192.168.56.10.34170 > 192.168.56.24.22: Flags [.], ack 1087, win 33232, options [nop,nop,TS val 62202220 ecr 81064], length 0
diff --git a/tests/kday4.out b/tests/kday4.out
index d9bcf938..b42d4f3b 100644
--- a/tests/kday4.out
+++ b/tests/kday4.out
@@ -22,7 +22,7 @@
     204.0.55.10.323 > 204.9.54.80.55936: Flags [P.], cksum 0xc9b6 (incorrect -> 0xfa70), seq 0:347, ack 4294959105, win 1040, options [nop,nop,TS val 2364757411 ecr 3084508609], length 347
 	RPKI-RTRv197 (unknown)
    10  23:52:05.672232 IP truncated-ip - 768 bytes missing! (tos 0x10, ttl 62, id 64806, offset 0, flags [DF], proto TCP (6), length 820, bad cksum 3da6 (->3aa6)!)
-    204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768
+    204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768 [|ssh]
    11  17:19:33.684826 IP (tos 0x6,ECT(0), ttl 62, id 62920, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 4504 (->4524)!)
     204.9.51.132.50079 > 204.243.53.80.22: Flags [.], cksum 0x858b (incorrect -> 0x85a1), ack 1, win 4092, options [nop,nop,TS val 941371913 ecr 1340592084], length 0
    12  17:19:33.703499 IP (tos 0x0, ttl 64, id 63178, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 3e8c (->438c)!)
diff --git a/tests/kday7.out b/tests/kday7.out
index 48f4976b..8570abd1 100644
--- a/tests/kday7.out
+++ b/tests/kday7.out
@@ -22,7 +22,7 @@
     204.0.55.10.323 > 204.9.54.80.55936: Flags [P.], cksum 0xc9b6 (incorrect -> 0xfa86), seq 0:347, ack 4294959105, win 1040, options [nop,nop,TS val 2364757411 ecr 3084508609], length 347
 	RPKI-RTRv197 (unknown)
    10  23:52:05.672232 IP truncated-ip - 768 bytes missing! (tos 0x10, ttl 62, id 64806, offset 0, flags [DF], proto TCP (6), length 820, bad cksum 3da6 (->3aa6)!)
-    204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768
+    204.9.51.132.50079 > 204.9.54.80.22: Flags [.], seq 0:768, ack 1, win 4094, options [nop,nop,TS val 941371775 ecr 4294967242], length 768 [|ssh]
    11  17:19:33.684826 IP (tos 0x6,ECT(0), ttl 62, id 62920, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 4504 (->4524)!)
     204.9.51.132.50079 > 204.243.53.80.22: Flags [.], cksum 0x858b (incorrect -> 0x85a1), ack 1, win 4092, options [nop,nop,TS val 941371913 ecr 1340592084], length 0
    12  17:19:33.703499 IP (tos 0x0, ttl 64, id 63178, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 3e8c (->438c)!)
diff --git a/tests/mptcp.out b/tests/mptcp.out
index db1a1261..29bbc5ea 100644
--- a/tests/mptcp.out
+++ b/tests/mptcp.out
@@ -1,9 +1,9 @@
     1  12:56:35.701161 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [S], seq 2912457561, win 14600, options [mss 1460,sackOK,TS val 4294943152 ecr 0,nop,wscale 6,mptcp capable csum {0x9c9eabd1e46a33b2}], length 0
     2  12:56:35.701661 IP 10.1.1.2.22 > 10.2.1.2.35961: Flags [S.], seq 125971326, ack 2912457562, win 14280, options [mss 1460,sackOK,TS val 4294943467 ecr 4294943152,nop,wscale 5,mptcp capable csum {0x967d2770b6960552}], length 0
     3  12:56:35.702022 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [.], ack 1, win 229, options [nop,nop,TS val 4294943152 ecr 4294943467,mptcp capable csum {0x9c9eabd1e46a33b2,0x967d2770b6960552}], length 0
-    4  12:56:35.786074 IP 10.1.1.2.22 > 10.2.1.2.35961: Flags [P.], seq 1:42, ack 1, win 447, options [nop,nop,TS val 4294943474 ecr 4294943152,mptcp add-addr id 1 10.1.2.2,mptcp dss ack 3576348362 seq 3518592144 subseq 1 len 41 csum 0x82f], length 41
+    4  12:56:35.786074 IP 10.1.1.2.22 > 10.2.1.2.35961: Flags [P.], seq 1:42, ack 1, win 447, options [nop,nop,TS val 4294943474 ecr 4294943152,mptcp add-addr id 1 10.1.2.2,mptcp dss ack 3576348362 seq 3518592144 subseq 1 len 41 csum 0x82f], length 41: SSH: SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1
     5  12:56:35.786240 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [.], ack 42, win 229, options [nop,nop,TS val 4294943168 ecr 4294943474,mptcp dss ack 3518592185], length 0
-    6  12:56:35.787634 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [P.], seq 1:42, ack 42, win 229, options [nop,nop,TS val 4294943168 ecr 4294943474,mptcp dss ack 3518592185 seq 3576348362 subseq 1 len 41 csum 0x45c9], length 41
+    6  12:56:35.787634 IP 10.2.1.2.35961 > 10.1.1.2.22: Flags [P.], seq 1:42, ack 42, win 229, options [nop,nop,TS val 4294943168 ecr 4294943474,mptcp dss ack 3518592185 seq 3576348362 subseq 1 len 41 csum 0x45c9], length 41: SSH: SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze2
     7  12:56:35.787786 IP 10.1.1.2.22 > 10.2.1.2.35961: Flags [.], ack 42, win 447, options [nop,nop,TS val 4294943474 ecr 4294943168,mptcp dss ack 3576348403], length 0
     8  12:56:35.788254 IP 10.2.1.2.41221 > 10.1.2.2.22: Flags [S], seq 1863826096, win 14600, options [mss 1460,sackOK,TS val 4294943168 ecr 0,nop,wscale 6,mptcp join id 0 token 0xe47f0142 nonce 0x1b665a18], length 0
     9  12:56:35.788849 IP 10.1.2.2.22 > 10.2.1.2.41221: Flags [S.], seq 1704897135, ack 1863826097, win 14280, options [mss 1460,sackOK,TS val 4294943474 ecr 4294943168,nop,wscale 5,mptcp join id 1 hmac 0x5ab680c7884af03d nonce 0x33abe9d5], length 0
diff --git a/tests/ssh.out b/tests/ssh.out
new file mode 100644
index 00000000..11f2c931
--- /dev/null
+++ b/tests/ssh.out
@@ -0,0 +1,54 @@
+    1  10:50:09.891237 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [S], seq 4082233688, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1948436430 ecr 0,sackOK,eol], length 0
+    2  10:50:09.916918 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [S.], seq 2455219014, ack 4082233689, win 28960, options [mss 1460,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 7], length 0
+    3  10:50:09.916972 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 1, win 4096, length 0
+    4  10:50:09.917574 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1:22, ack 1, win 4096, length 21: SSH: SSH-2.0-OpenSSH_7.8
+    5  10:50:09.944464 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 22, win 227, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0
+    6  10:50:09.945545 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 1:40, ack 22, win 227, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 39: SSH: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
+    7  10:50:09.945615 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 40, win 4095, length 0
+    8  10:50:09.946159 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 22:1414, ack 40, win 4096, length 1392
+    9  10:50:09.966036 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 40:536, ack 22, win 227, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 496
+   10  10:50:09.966200 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 536, win 4088, length 0
+   11  10:50:10.004152 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 1414, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0
+   12  10:50:10.004222 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1414:1462, ack 536, win 4096, length 48
+   13  10:50:10.093620 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 1462, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0
+   14  10:50:10.119320 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 536:1300, ack 1462, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 764
+   15  10:50:10.119391 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 1300, win 4084, length 0
+   16  10:50:10.123330 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1462:1478, ack 1300, win 4096, length 16
+   17  10:50:10.191751 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 1478, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0
+   18  10:50:10.191831 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1478:1522, ack 1300, win 4096, length 44
+   19  10:50:10.206243 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 1522, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0
+   20  10:50:10.207499 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 1300:1344, ack 1522, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 44
+   21  10:50:10.207571 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 1344, win 4095, length 0
+   22  10:50:10.207658 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1522:1582, ack 1344, win 4096, length 60
+   23  10:50:10.222651 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 1344:1396, ack 1582, win 249, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 52
+   24  10:50:10.222724 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 1396, win 4095, length 0
+   25  10:50:10.222884 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 1582:2714, ack 1396, win 4096, length 1132
+   26  10:50:10.240953 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 1396:2488, ack 2714, win 271, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 1092
+   27  10:50:10.241024 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 2488, win 4078, length 0
+   28  10:50:10.319360 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], seq 2714:4174, ack 2488, win 4096, length 1460
+   29  10:50:10.319361 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 4174:4886, ack 2488, win 4096, length 712
+   30  10:50:10.335209 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 4886, win 317, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0
+   31  10:50:10.348975 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 2488:2516, ack 4886, win 317, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 28
+   32  10:50:10.349081 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 2516, win 4095, length 0
+   33  10:50:10.349526 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 4886:4998, ack 2516, win 4096, length 112
+   34  10:50:10.363577 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 2516:2912, ack 4886, win 317, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 396
+   35  10:50:10.363713 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 2912, win 4089, length 0
+   36  10:50:10.379854 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 2912:2956, ack 4998, win 317, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 44
+   37  10:50:10.379944 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 2956, win 4095, length 0
+   38  10:50:10.380586 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 4998:5186, ack 2956, win 4096, length 188
+   39  10:50:10.397660 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 2956:3028, ack 5186, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 72
+   40  10:50:10.397833 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 3028, win 4094, length 0
+   41  10:50:10.413471 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 3028:3136, ack 5186, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 108
+   42  10:50:10.413539 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 3136, win 4094, length 0
+   43  10:50:10.416235 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [P.], seq 3136:3312, ack 5186, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 176
+   44  10:50:10.416295 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 3312, win 4093, length 0
+   45  10:50:10.416417 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 5186:5222, ack 3312, win 4096, length 36
+   46  10:50:10.416417 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [P.], seq 5222:5282, ack 3312, win 4096, length 60
+   47  10:50:10.417744 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [F.], seq 5282, ack 3312, win 4096, length 0
+   48  10:50:10.446501 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 5186, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,sack 1 {5282:5283}], length 0
+   49  10:50:10.446622 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [FP.], seq 5186:5282, ack 3312, win 4096, length 96
+   50  10:50:10.456121 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 5222, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,sack 1 {5282:5283}], length 0
+   51  10:50:10.456127 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 5283, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0
+   52  10:50:10.456128 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [F.], seq 3312, ack 5283, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop], length 0
+   53  10:50:10.456384 IP 202.108.87.165.62146 > 223.132.53.222.22: Flags [.], ack 3313, win 4096, length 0
+   54  10:50:10.466614 IP 223.132.53.222.22 > 202.108.87.165.62146: Flags [.], ack 5283, win 340, options [nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,sack 1 {5186:5283}], length 0
diff --git a/tests/ssh.pcap b/tests/ssh.pcap
new file mode 100644
index 00000000..db435c00
--- /dev/null
+++ b/tests/ssh.pcap
diff --git a/win32/prj/WinDump.dsp b/win32/prj/WinDump.dsp
index 59b073f1..42ab44af 100644
--- a/win32/prj/WinDump.dsp
+++ b/win32/prj/WinDump.dsp
@@ -625,6 +625,10 @@ SOURCE="..\..\print-snmp.c"
 # End Source File
 # Begin Source File
 
+SOURCE="..\..\print-ssh.c"
+# End Source File
+# Begin Source File
+
 SOURCE="..\..\print-stp.c"
 # End Source File
 # Begin Source File
diff --git a/win32/prj/WinDump.vcproj b/win32/prj/WinDump.vcproj
index fff7b727..3c746f99 100644
--- a/win32/prj/WinDump.vcproj
+++ b/win32/prj/WinDump.vcproj
@@ -3175,6 +3175,28 @@
 			</FileConfiguration>
 		</File>
 		<File
+			RelativePath="..\..\print-ssh.c"
+			>
+			<FileConfiguration
+				Name="Debug|Win32"
+				>
+				<Tool
+					Name="VCCLCompilerTool"
+					AdditionalIncludeDirectories=""
+					PreprocessorDefinitions=""
+				/>
+			</FileConfiguration>
+			<FileConfiguration
+				Name="Release|Win32"
+				>
+				<Tool
+					Name="VCCLCompilerTool"
+					AdditionalIncludeDirectories=""
+					PreprocessorDefinitions=""
+				/>
+			</FileConfiguration>
+		</File>
+		<File
 			RelativePath="..\..\print-stp.c"
 			>
 			<FileConfiguration