
If I tunnel any TCP traffic through SSH or any SSL-encrypted protocol, will someone capturing the traffic be capable of doing some kind of offline decryption using the capture file? What technique do they use to do that?

In my company we had to call a network provider to analyze our network traffic because of some suspicious activities in our network; they connected some Snort-like system..., and I don't think the procedure is valid to find a smart or experienced attacker.

Sarastro

1 Answer


Short answer: most likely not. Your traffic will be encrypted. However, it is possible to read the data by other means:

If the sniffer is some type of malware on either your machine or the receiving end, it could view the data before the payload is encrypted or after it is decapsulated.

If the attacker obtained the SSL certificate and is performing some kind of MITM attack.

If the encryption key was obtained by other means.

If there is a zero-day exploit that can be used against SSL/TLS to obtain sensitive traffic.

Edit: In addition to your added comment, you would be somewhat correct. Snort is an open-source IDS/IPS, and if the data being inspected by the system was encrypted, Snort would be unable to read any signatures off the traffic. However, if there was any suspicious/malicious traffic emanating from the network that could be related to an attacker obtaining the data, Snort would probably identify the exploit signatures coming and going.

Jeff Meigs
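As an added illustration of the "encryption key obtained by other means" case in the answer above (example code written for this edit, not part of the original question or answer): whether a capture file can be decrypted offline depends mostly on the key exchange the session negotiated. With a TLS 1.2 cipher suite that uses RSA key transport, the client encrypts the pre-master secret to the server's public key, so anyone who later obtains the server's private key can decrypt every recorded session (Wireshark does this given the key in its RSA keys list). With an ephemeral (EC)DHE suite, or any TLS 1.3 session, the long-term key never covers the session key, so the capture plus the server key is not enough. The block below parses a TLS ServerHello record, reads the negotiated version and cipher suite, and reports which case applies. The cipher-suite IDs are the IANA registry values; the ServerHello bytes are constructed by `build_server_hello` for demonstration, not taken from a real capture.

```python
import struct

# Cipher suites that use RSA key transport. The client encrypts the pre-master
# secret to the server's RSA public key, so a later compromise of that private
# key decrypts every recorded session offline (Wireshark's "RSA keys list").
RSA_KEY_TRANSPORT = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
}

# Cipher suites with an ephemeral (EC)DH key exchange. The session key is not
# derived from the long-term key, so a capture plus the server key is useless;
# an attacker would need the session secrets from an endpoint (e.g. a key log).
FORWARD_SECRET = {
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",      # TLS 1.3: key exchange is always ephemeral
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}

SUPPORTED_VERSIONS_EXT = 0x002B


def parse_server_hello(record: bytes) -> dict:
    """Extract the negotiated version and cipher suite from one TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:                  # 22 = handshake
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 2:       # handshake type 2 = ServerHello
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if len(hs) < 2 + 32 + 1:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hs[:2])[0]
    pos = 2 + 32                            # legacy_version + server random
    pos += 1 + hs[pos]                      # legacy_session_id (length-prefixed)
    if pos + 3 > len(hs):
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 3                                # cipher suite + compression method
    # Extensions are optional in TLS 1.2. In TLS 1.3 legacy_version stays 0x0303
    # and the real version is carried in the supported_versions extension.
    if pos + 2 <= len(hs):
        ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        end = min(pos + ext_len, len(hs))
        while pos + 4 <= end:
            ext_type, ext_size = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            data = hs[pos:pos + ext_size]
            pos += ext_size
            if ext_type == SUPPORTED_VERSIONS_EXT and ext_size == 2:
                version = struct.unpack("!H", data)[0]
    return {"version": version, "cipher_suite": suite}


def classify_server_hello(record: bytes) -> dict:
    """Report whether the recorded session is recoverable from the capture plus the server's key."""
    info = parse_server_hello(record)
    suite = info["cipher_suite"]
    if info["version"] >= 0x0304 or suite in FORWARD_SECRET:
        verdict = "forward-secret"          # capture + server key is not enough
    elif suite in RSA_KEY_TRANSPORT:
        verdict = "rsa-key-transport"       # decryptable offline once the server key leaks
    else:
        verdict = "unknown"                 # suite not in the two tables above
    name = FORWARD_SECRET.get(suite) or RSA_KEY_TRANSPORT.get(suite) or hex(suite)
    return {**info, "suite_name": name, "verdict": verdict}


def build_server_hello(suite: int, tls13: bool = False) -> bytes:
    """Constructed ServerHello for demonstration; the random is a fixed pattern, not a real nonce."""
    server_random = bytes(range(32))
    hs_body = struct.pack("!H", 0x0303) + server_random + b"\x00" + struct.pack("!H", suite) + b"\x00"
    exts = struct.pack("!HHH", SUPPORTED_VERSIONS_EXT, 2, 0x0304) if tls13 else b""
    hs_body += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(hs_body).to_bytes(3, "big") + hs_body
    return b"\x16" + struct.pack("!HH", 0x0303, len(hs)) + hs


if __name__ == "__main__":
    for suite, tls13 in ((0x002F, False), (0xC02F, False), (0x1301, True)):
        print(classify_server_hello(build_server_hello(suite, tls13)))
```

Two practical notes. SSH-2 key exchange is always Diffie-Hellman based (e.g. curve25519-sha256, diffie-hellman-group14-sha256), so a recorded SSH session is not recoverable from the host's private key alone; the realistic route for SSH, and for forward-secret TLS, is the endpoint-compromise case in the answer, where the session secrets are taken from the client or server (for TLS, typically a key log written via SSLKEYLOGFILE, which Wireshark can also consume). And an IDS such as Snort sees the same thing the attacker sees on the wire: it can classify the handshake, but not the payload of an encrypted tunnel.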