[Snort-users] Identifying encrypted traffic

Ed Padin epadin at ...200...
Wed Aug 16 17:54:28 EDT 2000


Hi,

I have a need for identifying if a specific host is using encrypted traffic
and perhaps what type of encryption is used. I know that SSL and SSH are
specifically designed to hide their contents but is there a way to tell, in
the initial negotiation phase of the protocol, what type of encryption is in
use?

I know that SSH servers will spit out a plain text prompt when you do a TCP
connect. Is there anything in the SSL negotiation that is discernible with a
tool like snort?

Thanks.
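
An added example, not part of the original post: a Python sketch of the check asked about above, assuming the first payload bytes sent on a new TCP connection are available (for instance from a packet capture). It recognizes the plaintext SSH identification line and the unencrypted SSL/TLS handshake record, and reads the chosen cipher suite from a ServerHello; the function names and sample bytes are constructed for illustration.

```python
import struct

# Small subset of registered cipher-suite IDs, for readable output.
CIPHER_SUITES = {
    0x0003: "RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "RSA_WITH_RC4_128_MD5",
    0x0005: "RSA_WITH_RC4_128_SHA",
    0x0009: "RSA_WITH_DES_CBC_SHA",
    0x000A: "RSA_WITH_3DES_EDE_CBC_SHA",
}

def classify(payload: bytes) -> dict:
    """Classify the first bytes one side sends on a new TCP connection."""
    # SSH: plaintext identification line "SSH-<proto>-<software>".
    if payload.startswith(b"SSH-"):
        line = payload.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
        parts = line.split("-", 2)
        if len(parts) == 3:
            return {"proto": "ssh", "version": parts[1], "software": parts[2]}
        return {"proto": "ssh", "version": None, "software": None}
    # SSLv3/TLS: record type 0x16 (handshake), major version 3.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03:
        kind = {1: "client_hello", 2: "server_hello"}.get(payload[5], "other")
        info = {"proto": "ssl/tls", "version": (payload[1], payload[2]), "handshake": kind}
        if payload[5] == 2:
            # Skip 5-byte record header and 4-byte handshake header.
            info["cipher_suite"] = _server_cipher(payload[9:])
        return info
    # SSLv2-format ClientHello: 2-byte length with high bit set, msg type 1.
    if len(payload) >= 5 and payload[0] & 0x80 and payload[2] == 0x01:
        return {"proto": "ssl/tls", "version": (payload[3], payload[4]),
                "handshake": "client_hello_v2"}
    return {"proto": "unknown"}

def _server_cipher(body: bytes):
    """ServerHello body: version(2) random(32) sid_len(1) sid cipher(2) comp(1)."""
    if len(body) < 35:
        return None
    off = 35 + body[34]          # cipher suite follows the session id
    if len(body) < off + 2:
        return None
    (suite,) = struct.unpack_from("!H", body, off)
    return CIPHER_SUITES.get(suite, f"0x{suite:04x}")

# Constructed samples (not captured traffic).
SSH_BANNER = b"SSH-1.99-OpenSSH_2.1.1\n"
SERVER_HELLO = (bytes.fromhex("160300002a" "02000026" "0300") + bytes(32)
                + bytes.fromhex("00" "000a" "00"))
```

Only the handshake is readable this way; once key exchange completes, the record contents are encrypted and the same inspection yields nothing further.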



