
The SSH one is probably easiest to detect. When you first connect to a session, the public key fingerprint of the server is saved in your ~/.ssh/known_hosts file. If you can somehow verify out of band that this actually is the correct fingerprint (call a friend and ask them to connect and get it), then chances are it's not being tampered with. Essentially it would have had to have happened the first time you connected to the server, and every single time afterwards, or else OpenSSH makes it very, very clear you've been hijacked.

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!  @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
     
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Yeah. So if you don't remember seeing that and the fingerprint is correct, probably nobody has been tampering with the connection. Which would imply that they've either cracked the cipher and are tampering with it anyway (unlikely as hell), that your DNS requests are somehow leaking (somewhat likely) or maybe it's some sort of nocebo effect. Hard to say for certain, Wireshark might be the place to go in order to find out some more about your outgoing DNS requests though.
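
The out-of-band check described in the comment above, as an added example that is not part of the original post: it reads known_hosts content (including hashed `|1|salt|hash` host entries), computes the SHA256 fingerprint of each saved key for a host, and compares it with a fingerprint obtained independently. The host names, keys and function names are constructed for illustration, and only literal host names are matched (no wildcards, negation or `[host]:port` forms).

```python
import base64, hashlib, hmac, struct

def host_matches(field, host):
    """Match one known_hosts host field: plain comma list or hashed |1|salt|hash."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # literal names only; no wildcards or negation

def sha256_fingerprint(key_b64):
    """Fingerprint in the form OpenSSH prints: SHA256:<unpadded base64 of digest>."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def saved_fingerprints(known_hosts_text, host):
    """Return [(key_type, fingerprint)] for every saved key that names `host`."""
    found = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments, and @cert-authority / @revoked marker lines.
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if host_matches(parts[0], host):
            found.append((parts[1], sha256_fingerprint(parts[2])))
    return found

def matches_out_of_band(known_hosts_text, host, trusted_fp):
    """True only if a saved key for `host` has the independently obtained fingerprint."""
    return any(fp == trusted_fp for _, fp in saved_fingerprints(known_hosts_text, host))

# --- Constructed sample data (not real keys or hosts) ---
def make_key(fill):
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

SALT = bytes(range(20))
HASHED_HOST = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"git.example.org", hashlib.sha1).digest()).decode())
SAMPLE = "\n".join([
    "# constructed known_hosts content",
    "shell.example.org,192.0.2.10 ssh-ed25519 " + make_key(0x11),
    HASHED_HOST + " ssh-ed25519 " + make_key(0x22),
])

if __name__ == "__main__":
    friend_says = sha256_fingerprint(make_key(0x11))  # stand-in for the value read over the phone
    print(matches_out_of_band(SAMPLE, "shell.example.org", friend_says))
```

A mismatch here means the key saved on first connect is not the one the other party sees, which is the case the comment says would have had to happen on the very first connection.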


