Comment by catlifeonmars
6 hours ago
Hehe true, SSH traffic is so characteristically obvious that the packet size and timing can be used as a side channel to leak information about a session.
Tangential: but I recall reading about a similar technique used on SRTP packets to guess the phonemes being uttered without needing to decrypt the traffic.
I guess you would need to either mimic a protocol that always uses a fixed packet size/rate (like a MPEG-TS video stream or something), or artificially pad/delay your packets to throw off detection methods.