Slight confusion with SSH tunneling.
I'm trying to learn the basics of SSH tunneling, and I followed a guide that I liked: O'Reilly Network -- Using SSH Tunneling.
So, I executed with the command syntax
I didn't want to test it with POP right off the bat, so I set up a small Netcat connection between my desktop and server on port 4200; the server was run with
$ sudo ssh -L 4200:server:4200 -l user -N server
and the desktop with
sudo netcat -l -p 4200
to establish a raw TCP connection between the two, in which I sent plaintext to view with tcpick.
The "server" in this case is the router for the network, and thus sees all the traffic. When I run tcpick on port 4200 and the interface my LAN is routed through, the data being sent on port 4200 is not encrypted.
I'm wondering if this is because I'm already setting up the SSH connection on the server that I'm running the packet sniffing on, so it's going to see the data unencrypted no matter what. The only other machines on the network are all Windows, so I haven't tried sniffing a connection tunneled between my desktop and one of them, but I'm pretty sure that the only reason I'm able to see the info unencrypted is that the machine I'm running the sniffing on is the "host", per se, of the entire SSH tunnel and sees all the data unencrypted by the time it actually makes it to port 4200?
Just wondering if I've got the principles correct and a flawed test, and not the other way around.
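
Added example, not part of the original post: a small Python model of the three TCP legs behind `ssh -L [bind_address:]port:host:hostport`, showing which capture filters can show cleartext. It assumes the ssh client runs on `desktop`, sshd listens on port 22 on `server`, and a capture only sees legs that start or end on the capturing host; IPv6 literals are not handled.

```python
import re
from typing import NamedTuple

SSH_PORT = 22  # assumption: sshd listens on its default port


class Leg(NamedTuple):
    src: str
    dst: str
    port: int        # destination TCP port a capture filter would match
    encrypted: bool


def parse_local_forward(spec: str):
    """Parse the argument of `ssh -L`: [bind_address:]port:host:hostport."""
    m = re.fullmatch(r"(?:([^:]*):)?(\d+):([^:]+):(\d+)", spec)
    if not m:
        raise ValueError(f"not a -L forward spec: {spec!r}")
    bind, lport, host, hport = m.groups()
    # No bind address: loopback only (default GatewayPorts=no).
    # Empty or "*": listen on all interfaces.
    bind = "localhost" if bind is None else (bind or "*")
    return bind, int(lport), host, int(hport)


def tunnel_legs(client: str, ssh_server: str, spec: str):
    """Return the TCP legs one forwarded connection is made of."""
    bind, lport, host, hport = parse_local_forward(spec)
    origin = client if bind in ("localhost", "127.0.0.1") else "any-host"
    return [
        Leg(origin, client, lport, False),        # app -> ssh client's listener
        Leg(client, ssh_server, SSH_PORT, True),  # the SSH transport itself
        Leg(ssh_server, host, hport, False),      # sshd -> final destination
    ]


def plaintext_seen(legs, capture_host: str, port: int):
    """Legs that a capture on capture_host, filtered to port, shows in cleartext."""
    return [leg for leg in legs
            if leg.port == port
            and capture_host in (leg.src, leg.dst)
            and not leg.encrypted]


if __name__ == "__main__":
    legs = tunnel_legs("desktop", "server", "4200:server:4200")
    for leg in legs:
        state = "encrypted" if leg.encrypted else "cleartext"
        print(f"{leg.src} -> {leg.dst}:{leg.port} {state}")
    print("server, port 4200:", plaintext_seen(legs, "server", 4200))
    print("server, port 22:  ", plaintext_seen(legs, "server", SSH_PORT))
```
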