this post was submitted on 26 Jul 2024
18 points (95.0% liked)
linux4noobs
1335 readers
1 users here now
linux4noobs
Noob Friendly, Expert Enabling
Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.
Seeking Support?
- Mention your Linux distro and relevant system details.
- Describe what you've tried so far.
- Share your solution even if you found it yourself.
- Do not delete your post. This allows other people to see possible solutions if they have a similar problem.
- Properly format any scripts, code, logs, or error messages.
- Be mindful to omit any sensitive information such as usernames, passwords, IP addresses, etc.
Community Rules
- Keep discussions respectful and amiable. This community is a space where individuals may freely inquire, exchange thoughts, express viewpoints, and extend help without encountering belittlement. We were all a noob at one point. Differing opinions and ideas is a normal part of discourse, but it must remain civil. Offenders will be warned and/or removed.
- Posts must be Linux oriented
- Spam or affiliate links will not be tolerated.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
TCP is on a lower level than SSH, usually SSH uses TCP as its underlying transport layer. TCP as such is not encrypted, but it can of course be used to transport encrypted data.
Are those packages not part of the same SSH connection according to Wireshark?
It looks like everything is in 1 stream, maybe that answers your question? I am capturing traffic only on port 22 briefly while the rsync is running to look at the packets
If the timestamps line up, maybe Wireshark just doesn't manage to understand the entire exchange. What could happen is that Wireshark sees the SSH handshake, and after that it might become just encrypted gibberish due to the encryption. In that case the SSH traffic could just show up as "some kind of TCP".
Do you see an SSH handshake, followed by random crap on the same ports?
(I'm not a Wireshark expert, just an IT guy trying to help!)
Im a little knowledgeable with this stuff but i do not know how to see the "handshake" itself, but maybe this is synonymous with what i am doing:
Right click any of the packets (TCP or SSH) > Follow > TCP stream
From there i can see some info about the ssh protocol and connection, as well as the 2 devices communicating (Operating systems used) followed by random gibberish which is the encrypted data.
When I analyze the TCP packet "frames", they contain data including the motherboard manufacturer, but packets themselves look like its just gibberish.
Thanks by the way for trying to help me :)
Well, if
Then we can be quite confident that your connection is indeed encrypted!
And of course, you're welcome!
Ok thank you!