Reputation: 43
I'm developing an app which captures packets and tells if the packet is encrypted. Do you have any idea how to find out if a packet is encrypted? I think there is no header telling us about encryption, so I think maybe I should check the ports, since some ports are used for some encryption protocols like TLS, HTTPS or.... Which RFC should I check? I checked RFC 1700 for well-known ports, but I think some ports are not listed and some encryption ports are not described as "used for encryption protocols or something like it". So I'm stuck.
Upvotes: 0
Views: 2096
Reputation: 3886
There are well-known ports for some encrypted protocols like HTTPS. However, aside from data that is sent to/from publicly known encrypted ports and protocols, there is no way to know if any particular packets contain encrypted data or not.
For example, a packet that contains the bytes ". . . 137 80 78 71 13 10 26 10 . . ." might be encrypted data or it might be part of a picture of a puppy. There's no way to know without knowing what the entire data stream is supposed to look like; then reassembling it and checking it against data and patterns that you can identify.
With unlimited resources, you could actually check the data stream against all known data types. This would let you say "That's an image file and it's a puppy" or "That's not an image file" but you still couldn't be sure if it's encrypted, random or just some other non-encrypted thing you don't know about.
Just to muddy the water further, any protocol can be sent over any port. The port numbers are just a convention. For example, there are apps that tunnel data using the DNS port.
Even more confusing, it could actually be a legitimate picture of a puppy, with data encoded into the image.
Upvotes: 1
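The limits described in the answer above, as an added example that is not part of the original posts: a payload classifier that checks for TLS record framing and the PNG signature quoted in the answer, then falls back to byte entropy. It goes beyond the answer by adding the TLS header check and the entropy measure; the function names, the 7.0 bits/byte threshold, the 256-byte minimum and all sample payloads are assumptions constructed for illustration.

```python
import math
import random
import zlib
from collections import Counter

PNG_MAGIC = bytes([137, 80, 78, 71, 13, 10, 26, 10])  # the bytes quoted in the answer

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for uniform bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_like_tls_record(data: bytes) -> bool:
    """Match the 5-byte TLS record header: type 20-23, version 3.x, length."""
    if len(data) < 5:
        return False
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    # 2**14 + 2048 is the largest ciphertext record TLS 1.2 allows
    return 20 <= ctype <= 23 and major == 3 and minor <= 4 and 0 < length <= 2**14 + 2048

def classify(payload: bytes, min_len: int = 256, threshold: float = 7.0) -> str:
    """Heuristic label only; the port number is deliberately not consulted."""
    if looks_like_tls_record(payload):
        return "tls-framing"      # recognisable protocol, still only a header match
    if payload.startswith(PNG_MAGIC):
        return "png-signature"    # says nothing about data hidden in the image
    if len(payload) < min_len:
        return "too-short"        # entropy of a small sample is meaningless
    if shannon_entropy(payload) >= threshold:
        return "high-entropy"     # encrypted, compressed or random: indistinguishable
    return "low-entropy"

def samples() -> dict:
    """Constructed sample payloads (seeded, so results are repeatable)."""
    rng = random.Random(0)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    text = "".join(f"GET /item/{rng.randrange(10**6)} 200\n" for _ in range(2000)).encode()
    return {
        "tls": b"\x17\x03\x03" + (1024).to_bytes(2, "big") + noise[:1024],
        "png": PNG_MAGIC + noise[:64],
        "text": text,
        "deflated": zlib.compress(text),  # plain text, merely compressed
        "random": noise,
    }

if __name__ == "__main__":
    for name, data in samples().items():
        print(f"{name:9} {shannon_entropy(data):5.2f} bits/byte  {classify(data)}")
```

The compressed log text and the random bytes receive the same label, so a high-entropy result cannot by itself be reported as "encrypted".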