Hehe true, SSH traffic is so characteristically obvious that the packet size and timing can be used as a side channel to leak information about a session.
Tangential, but I recall reading about a similar technique used on SRTP packets to guess the phonemes being uttered without needing to decrypt the traffic.
I guess you would need to either mimic a protocol that always uses a fixed packet size/rate (like an MPEG-TS video stream or something), or artificially pad/delay your packets to throw off detection methods.
would not be able to tell from websockets uses
I think most websockets do not sustain large amounts of bidirectional traffic for prolonged periods, so IMO this would immediately be suspicious.
My typical SSH session does not either.