17

Using Wireshark to verify encryption

posted
by
Avatar
Ponziani@sh.itjust.works
in
Avatar
linux4noobs@programming.dev
6 comments
hidereport

I am trying to use wireshark to verify that my outgoing rsync is encrypted. I can easily see that the SSH protocol packets are reported as “Encrypted packet.” The other packets being exchanged are TCP packets, I am not sure how to actually verify if these are encrypted, and if not, if they contain anything sensitive.

Should TCP be encrypted? Can they leak anything when facilitating the ssh connection? How can I tell?

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
Ponziani@sh.itjust.worksOP
2 points

Im a little knowledgeable with this stuff but i do not know how to see the “handshake” itself, but maybe this is synonymous with what i am doing:

Right click any of the packets (TCP or SSH) > Follow > TCP stream

From there i can see some info about the ssh protocol and connection, as well as the 2 devices communicating (Operating systems used) followed by random gibberish which is the encrypted data.

When I analyze the TCP packet “frames”, they contain data including the motherboard manufacturer, but packets themselves look like its just gibberish.

Thanks by the way for trying to help me :)

permalink
report
parent
reply
Avatar
yggdar@lemmy.world
2 points

Well, if

  1. Wireshark identifies it as a single stream
  2. Wireshark sees gibberish “TCP” and not an SSH connection
  3. The gibberish comes after the SSH stuff that you could see (the stuff in there is going to be the handshake, my bad, that is a bit of a technical term)

Then we can be quite confident that your connection is indeed encrypted!

And of course, you’re welcome!

permalink
report
parent
reply
Avatar
Ponziani@sh.itjust.worksOP
2 points

Ok thank you!

permalink
report
parent
reply

linux4noobs

!linux4noobs@programming.dev

Create post

linux4noobs

Noob Friendly, Expert Enabling

Whether you’re a seasoned pro or the noobiest of noobs, you’ve found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux’s ongoing evolution.

Seeking Support?
  • Mention your Linux distro and relevant system details.
  • Describe what you’ve tried so far.
  • Share your solution even if you found it yourself.
  • Do not delete your post. This allows other people to see possible solutions if they have a similar problem.
  • Properly format any scripts, code, logs, or error messages.
  • Be mindful to omit any sensitive information such as usernames, passwords, IP addresses, etc.

Community Rules

  • Keep discussions respectful and amiable. This community is a space where individuals may freely inquire, exchange thoughts, express viewpoints, and extend help without encountering belittlement. We were all a noob at one point. Differing opinions and ideas is a normal part of discourse, but it must remain civil. Offenders will be warned and/or removed.
  • Posts must be Linux oriented
  • Spam or affiliate links will not be tolerated.

Community stats

  • 62

    Monthly active users

  • 136

    Posts

  • 1.1K

    Comments

Community moderators