Daniel Underwood wrote:
> Thanks for the help.
>
> I couldn't find any flags/fields in TCP packets indicating whether
> they are encrypted (as in the case of SSH packets). There isn't any, right?
No. TCP (Transport Layer) knows nothing about encryption/encoding, and hence there is no room (or need) within the headers to signify those details. TCP provides reliable data transit, and really nothing more. Encryption happens higher up in the stack, and it is the responsibility of the application (or some function) to do this work.

TCP provides the connection, into which you can throw any type of data you please. It does not care what type of data you put into it; it has no way of inherently finding that out. To find out the flags/configuration/techniques used by the application before it stuffs its data into a packet, you have to read the data after it's been extracted from the packet, all the way up near the application layer.

Wireshark can 'dissect' each packet for numerous applications and protocols, hence it has the ability to inform you about encryption, as in my previous SSH example. That is why I captured the entire packet with tcpdump (via the -s0 flag). If you don't, tcpdump will not capture enough information to decode the packet.

Steve
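The point Steve makes above, as an added example that is not part of the original thread: the script below builds a constructed Ethernet/IPv4/TCP frame (not a real capture), prints the TCP flag bits that actually exist in the header (there is no "encrypted" bit among them), and then classifies the payload the way a Wireshark-style dissector would, purely from the application-layer bytes. It also re-dissects the same frame cut to a 54-byte snaplen to show what a capture without -s0 loses: the headers survive, but there is no payload left to decode. The SSH banner, addresses and ports are constructed sample data; the HTTP check goes slightly beyond the SSH case in the thread to show that the same approach applies to any application protocol.

```python
"""Added example (not from the original mailing-list post): a minimal TCP
dissector that shows encryption is invisible at the TCP layer and must be
inferred from the payload, and why a full-length capture (tcpdump -s0) matters."""
import struct

# The complete set of TCP flag bits, lowest bit first (RFC 793 + ECN + NS).
# Note that none of them says anything about encryption.
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS")

# Constructed sample payload: the SSH identification string sent at session start.
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"


def build_frame(payload: bytes, sport: int, dport: int) -> bytes:
    """Build a constructed Ethernet II + IPv4 + TCP frame around payload.
    Checksums are left zero; this is sample input, not a real capture."""
    eth = bytes.fromhex("00112233445566778899aabb") + b"\x08\x00"   # EtherType IPv4
    total_len = 20 + 20 + len(payload)                                # IP + TCP + data
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,   # proto 6 = TCP
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) # TEST-NET-1 addrs
    # Data offset 5 words (20 bytes), flags PSH|ACK = 0x018.
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 2000,
                      (5 << 12) | 0x018, 65535, 0, 0)
    return eth + ip + tcp + payload


def classify_payload(payload: bytes) -> str:
    """Minimal application-layer 'dissector': the decision is made from the
    bytes the application wrote, never from any TCP header field."""
    if not payload:
        return "no payload"
    if payload.startswith(b"SSH-"):
        return "ssh-identification"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http-request"
    return "unknown-or-binary"


def dissect(frame: bytes) -> dict:
    """Parse Ethernet/IPv4/TCP, report the real TCP flags, detect truncation
    by comparing the IP total length with what was captured, then classify."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 Ethernet frame")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("capture cut inside the IP header")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("capture cut inside the TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    flags = off_flags & 0x1FF                      # 9 flag bits, NS is bit 8
    payload = tcp[data_off:]
    declared_payload = total_len - ihl - data_off  # what the sender put on the wire
    return {
        "ports": (sport, dport),
        "tcp_flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
        "declared_payload_len": declared_payload,
        "captured_payload_len": len(payload),
        "truncated": len(payload) < declared_payload,   # Wireshark: "Packet size limited during capture"
        "application": classify_payload(payload),
    }


FULL_FRAME = build_frame(SSH_BANNER, 51234, 22)


def demo():
    """Return the dissection of a full capture (tcpdump -s0) next to the same
    frame captured with a 54-byte snaplen, which keeps only the headers."""
    return dissect(FULL_FRAME), dissect(FULL_FRAME[:54])


if __name__ == "__main__":
    for label, result in zip(("full capture", "54-byte snaplen"), demo()):
        print(label, result)
```

With the full frame the dissector sees PSH and ACK as the only TCP flags and identifies the session from the "SSH-" banner; with the headers-only slice it still sees the same flags and ports, but reports a truncated packet and cannot say anything about the application, which is exactly why the original capture was taken with -s0.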