▲ 0 r/AskNetsec
Why wireshark marks as green some tcp packets from tor?
I was checking what I see when using TOR via wireshark.
Everything is ok, meaning that the tcp traffic is encrypted and marked light purple.
However I've noticed that a couple of packets inside this traffic are marked as green. Usually green are packets that wireshark can read. Why is that? The content seems to be encrypted too. Is it a "false positive" from how wireshark marks the packets?
In the details I see it marks it as "http".
u/0811930 — 1 day ago