Beat data with SSL vs unencrypted - no visible difference in the packets

beatit · June 19, 2018, 3:55pm

Greets.

I'm using metricbeat 6.2.4 on Windows and Logstash 6.3.0-1 on Debian 8.

I got SSL set up and then thought for the heck of it I'd compare packets in Wireshark and found that the traffic looks exactly the same when sending beats with and without SSL. I remember reading that without SSL the traffic is plaintext, so that was what I was expecting to see and just wanted to verify the SSL was set up properly. Can anyone explain why this is? Do the newer *beats have encryption of some sort baked in?

Christian_Dahlqvist · June 19, 2018, 4:01pm

I believe the beats protocol by default applies compression, which may be what you are seeing.

beatit · June 19, 2018, 4:10pm

Hey thanks for the quick answer. If noone else replies I will assume that is the case. It isn't like any super sensitive data is going to be sent over this aside from usernames but better safe than sorry. I don't want anyone to know my username is password!

Topic		Replies	Views
How secure filebeat communication with logstash without SSL Beats filebeat	4	672	February 24, 2020
Using ssl between filebeat client and logstash server Logstash	1	739	July 6, 2017
After implementation all beats data not showing in discover Beats beats-module , packetbeat , metricbeat , winlogbeat , auditbeat	3	385	October 25, 2021
Capturing clear text beats traffic with wireshark Beats winlogbeat	2	1155	February 8, 2021
Packet Beat support protocol HTTPS? Beats packetbeat	3	1432	July 21, 2016

Beat data with SSL vs unencrypted - no visible difference in the packets

Related topics