Beat data with SSL vs unencrypted - no visible difference in the packets


I'm using metricbeat 6.2.4 on Windows and Logstash 6.3.0-1 on Debian 8.

I got SSL set up and then thought for the heck of it I'd compare packets in Wireshark and found that the traffic looks exactly the same when sending beats with and without SSL. I remember reading that without SSL the traffic is plaintext, so that was what I was expecting to see and just wanted to verify the SSL was set up properly. Can anyone explain why this is? Do the newer *beats have encryption of some sort baked in?

I believe the beats protocol by default applies compression, which may be what you are seeing.

Hey thanks for the quick answer. If noone else replies I will assume that is the case. It isn't like any super sensitive data is going to be sent over this aside from usernames but better safe than sorry. I don't want anyone to know my username is password!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.