> > There's not really any good option here, since the interesting
> > bits are encrypted, and saying ninep is not a lie, so I'm
> > inclined just to leave it alone. There's certainly no point in
> > printing unknown("hello 9fans!"), since as I mentioned above,
> > it's either 9P or encrypted 9P, never plain text.

> It certainly have plain text on the first packet:
> p9 rc4_256 sha1
> I am not sure if this is 9P.

No, it's not. There is a negotiation that happens first, specific to cpu,
and then there is a generic factotum authentication protocol that happens
afterward (if p9 is what is chosen by the cpu negotiation),
and then the bulk of the connection is in fact encrypted 9P.
Printing the hex is still the best choice: only the first little bit has
text, and even that has some NULs and the like for framing.
The auth protocol has some text strings embedded but it's mostly