It represents a typical north American home network traffic. The data set is collected over one month period in my home router. I'm not an expert on TLS.īut it seems that Golang provides latest version TLS implementation where majority web server uses in the the old configuration I used in my Python notebook is vmess over TCP. From initial parsing result by Wireshark, V2ray TLS with websocket uses TLS v1.3 which doesn't show key exchange communication but other legitimate web broswer HTTPS traffic still uses TLS v1.2 does show completely different pattern of key exchange process. From my initial observation in Wireshark, the answer might be not. But it would be interesting to see if TLS with websocket and TLS with HTTP/2 can be masqueraded with other legitimate web browser HTTPS traffic. But TLS with tcp shows very similar encrypted packet pattern like vmess over TCP without TLS.įor sure, pure vmess over TCP can be easily classified now from my previous research.
In vmess protocol, TLS with websocket ws or TLS with http/2 http shows a typical TLS clear text communication- client hello, server hello but without server/client key exchange like HTTPS in our web browser.
I did another round configuration trials with TLS today.
0 kommentar(er)
