Secure SHell(SSH) [1] provides TCP/IP port forwarding for any Application-layer protocols. It is useful in protecting the privacy of users, but it can lead to the illegal use of some forbidden protocols. Because of the encryption, the Deep Payload Inspection (DPI) technique is ineffective in classifying the network traffic. This paper introduces how to employ the statistical pattern recognition method, Maximum Likelihood Classification [2, 3], to classify the SSH tunneled traffic, i.e. to decide which protocols is tunneled in the encrypted tunnels. It is very important to find out the boundary of a tunneled flow in processing the originate data. So we proposed a method for detecting the boundaries of SSH tunneled traffic.