2
I know that using SSL doesn't stop third parties from seeing what you're connecting to. Does it also not protect against third parties seeing what port you're connecting on?
2
I know that using SSL doesn't stop third parties from seeing what you're connecting to. Does it also not protect against third parties seeing what port you're connecting on?
7
Yes, they can.
To test this, I opened wireshark and browsed an SSL encrypted website.
Encapsulation is as follows:
Another proof of concept would be this: If the port numbers were encrypted, a layer 3 device such as a NATing router would have no idea where to forward the traffic to.
So only things in layers five and six are encrypted? What exactly do each of the layers contain? – Blacklight Shining – 2012-08-23T21:34:23.633
2
@BlacklightShining Explaining each of the layers is a bit beyond the scope of comments here, but you should look up the OSI Model for how data is ideally separated into layers, and the TCP/IP Model for how data is realistically separated into layers (because some of the distinctions in the OSI model are not worth the processing overhead, some layers are merged into a single layer in the TCP/IP model).
– Darth Android – 2012-08-23T21:57:07.840