I am trying to use wireshark to verify that my outgoing rsync is encrypted. I can easily see that the SSH protocol packets are reported as “Encrypted packet.” The other packets being exchanged are TCP packets, I am not sure how to actually verify if these are encrypted, and if not, if they contain anything sensitive.

Should TCP be encrypted? Can they leak anything when facilitating the ssh connection? How can I tell?

  • @PonzianiOP
    21 month ago

    Im a little knowledgeable with this stuff but i do not know how to see the “handshake” itself, but maybe this is synonymous with what i am doing:

    Right click any of the packets (TCP or SSH) > Follow > TCP stream

    From there i can see some info about the ssh protocol and connection, as well as the 2 devices communicating (Operating systems used) followed by random gibberish which is the encrypted data.

    When I analyze the TCP packet “frames”, they contain data including the motherboard manufacturer, but packets themselves look like its just gibberish.

    Thanks by the way for trying to help me :)

    • @[email protected]
      21 month ago

      Well, if

      1. Wireshark identifies it as a single stream
      2. Wireshark sees gibberish “TCP” and not an SSH connection
      3. The gibberish comes after the SSH stuff that you could see (the stuff in there is going to be the handshake, my bad, that is a bit of a technical term)

      Then we can be quite confident that your connection is indeed encrypted!

      And of course, you’re welcome!