[Snort-users] Identifying encrypted traffic

Ed Padin epadin at ...200...
Wed Aug 16 17:54:28 EDT 2000


I have a need for identifying if a specific host is using encrypted traffic
and perhaps what type of encryption is used. I know that SSL and SSH are
specifically designed to hide their contents but is there a way to tell, in
the initial negotiation phase of the protocol, what type of encryption is in

I know that SSH servers will spit out a plain text prompt when you do a TCP
connect. Is there anything in the SSL negotiation that is discernable with a
tool like snort?
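
Added example, not part of the original post: the Python below classifies the first payload bytes one side sends on a new TCP connection. It recognises the plain-text SSH identification line and the SSLv3/TLS handshake record, whose ServerHello names the negotiated cipher suite in the clear. The function names, the short cipher-suite table and the sample bytes are constructed for illustration.

```python
import struct

# A few cipher suite ids from the IANA TLS registry; others are reported as hex.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}

def classify(payload: bytes) -> dict:
    """Classify the first bytes sent by one side of a new TCP connection."""
    # SSH: each side opens with a plain-text line "SSH-<proto>-<software>".
    if payload.startswith(b"SSH-"):
        line = payload.split(b"\n", 1)[0].strip().decode("ascii", "replace")
        parts = line.split("-", 2)
        return {"proto": "ssh", "version": parts[1] if len(parts) > 1 else "",
                "banner": line}
    # SSLv3/TLS record header: type 0x16 (handshake), major version 3, length.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03:
        hs_type = payload[5]
        info = {"proto": "tls", "record_version": (payload[1], payload[2]),
                "handshake": {1: "client_hello", 2: "server_hello"}.get(hs_type, "other")}
        # ServerHello body: version(2) random(32) sid_len(1) sid cipher_suite(2).
        if hs_type == 2 and len(payload) > 43:
            off = 44 + payload[43]  # skip the variable-length session id
            if len(payload) >= off + 2:
                suite = struct.unpack_from("!H", payload, off)[0]
                info["cipher_suite"] = SUITES.get(suite, hex(suite))
        return info
    # SSLv2-style ClientHello: 2-byte length with high bit set, message type 1.
    if (len(payload) >= 5 and payload[0] & 0x80 and payload[2] == 0x01
            and payload[3] in (0x00, 0x03)):
        return {"proto": "sslv2_hello", "version": (payload[3], payload[4])}
    return {"proto": "unknown"}

def sample_server_hello(suite: int) -> bytes:
    """Constructed ServerHello (all-zero random, empty session id) for testing."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(classify(b"SSH-1.99-OpenSSH_2.1.1\n"))   # constructed banner
    print(classify(sample_server_hello(0x000A)))
```

Only the handshake is readable this way; once key exchange completes, the record contents are opaque to a sensor.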

