I recently signed up for a VPN service for personal use, so my home internet connection is completely encrypted. With all the spying and hacking revelations going on these days, I don’t mind having a little extra protection on my side just in case. After I installed the software on my computer and connected to the VPN, it seemed to work fine as far as I could tell.
However, as a technician, I couldn’t just accept that everything was working without verifying that encryption was actually on. So even though I hadn’t played with a packet sniffer and protocol analyzer, I went ahead and downloaded a network utility that let me see the data being sent back and forth from my computer.
I captured a few packets while I was not connected to the VPN and then did the same while connected. I could easily see that the transmitted data was actually encrypted when sent to the VPN. In this article, I will show you how to check if your connection is encrypted.
If you don’t have technical knowledge, don’t worry. All you have to do is hit the record button, scroll through the list and check the text. You can ignore everything else, because it will look like gibberish if you don’t understand computers and networks. On a Mac we are going to use CocoaPacketAnalyzer, and on a PC we are going to use Wireshark.
Check encryption on a Mac
First, download CocoaPacketAnalyzer on your Mac and launch it. You should see a start screen with four large buttons.
Capture is what you click on to start capturing network traffic. If you save the capture session, it is called a trace file and you can open it later using the second button. However, for our purposes, we just want to see that the data is encrypted and we won’t save any of these captures.
Before we do the capture, click on Settings to customize how the data is collected. Click on Capture at the top and the only setting we need to check is the capture interface.
First, don’t forget to click the little Update button to the right of the list. When you click on the list box, you’ll see several options, and they’re all pretty damn confusing. Only consider the entries in which IPv4 is listed with some numbers after it. Don’t choose the one with 127.0.0.1; choose the one that has the IP address of the connection you are currently using. You can find that address by going to System Preferences and clicking Network.
Click the connection with the green dot in the list on the left, and then check the IP address field on the right. As you can see, it says 192.168.1.x, which corresponds to the en0 – IP4 – 192.168.1.68 option in the program’s dropdown list. Now close the capture settings window to return to the main screen.
Go ahead and click Capture and you will now see a new pop-up dialog where you can select multiple options and then start capturing.
You do not need to change anything here for our purposes, so you just need to click Start. Before you do this, however, there are a few things to note. First, you should try to close all running programs, including those in the taskbar, and leave only the browser window open. A network capture records tons of data, and even in a few seconds you will get over a thousand lines of data. So for the sake of simplicity, close everything and kill as many background processes as possible first, and then click “Start”.
After that, immediately load one or two sites and click “Stop”. You only want to capture for a few seconds and nothing more. It would even be nice if the web addresses were already entered in the tabs in your browser, so that you could just hit Enter to load the pages after the capture starts.
After you click Stop, you will see a window that looks like this:
This may look like sheer gibberish, but that’s okay. All you have to do is scroll through the list at the top, which is presented as a table, and look at the data that you see in the box in the lower right corner that I highlighted above. Now, since there are probably thousands of lines, you can just quickly press the down arrow key and watch the data change below.
If your VPN connection is indeed encrypted, each scrolling line should display data similar to the data in the image above. Since it is unreadable and only contains a bunch of random characters, it is encrypted. With an encrypted connection, nothing should be readable for any line in all those thousands of lines. Now let me show you what you will see on an unencrypted connection, for example when you are not connected to a VPN:
As you can see above, now that there is no encryption I can read a lot more. I can see that I logged into aseemkishore.com using a Mac and Safari, along with a lot of other data. Not every packet will be readable on an unencrypted connection, but for most packets, you will be able to see the actual data, HTML, protocol headers, etc. As I mentioned earlier, not even a single packet will be readable on an encrypted connection.
Check encryption on a PC
The verification process on a PC is almost the same as I showed above, except that you are using a different program called Wireshark. Once downloaded, launch it and the main screen should look like this:
As on Mac, the first thing you need to do is select the interface (network interface) for which you want to collect data. Click on “Interface List” and you will see a list of network interfaces. I like Wireshark a bit more because you can see how much data is being transferred on each interface, making it easy to see which one is the main connection.
Go ahead and check the box next to the corresponding interface, and then click the Close button. Now all you have to do is hit the Start button (under the Interface List button) and you should be fine. You do not need to change any other parameters or anything else for our purposes. After the capture is complete, you should see a screen like this:
You may need to maximize the window to full screen and then adjust the bottom and top panels accordingly, but as you can see, the data is in the same format as CocoaPacketAnalyzer on Mac. Scroll down the list at the top and make sure the data section is complete nonsense, which means your connection is encrypted. If you can read any words or text, it means that the data is not encrypted. Make sure you quickly scroll through at least a couple of hundred lines using the arrow keys.
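The following Python script is an added example (not from the original article or from either tool) that automates the scroll-and-read check on a saved trace file: it walks every packet and reports any that contain readable text. It assumes the trace is in classic pcap format; the function names, the 16-character threshold and the sample frames are constructed for illustration.

```python
import re
import struct

# A run of 16+ printable ASCII bytes counts as readable text. The length is an
# assumption: short runs also occur by chance in random-looking ciphertext.
READABLE = re.compile(rb"[\x20-\x7e]{16,}")

def iter_pcap_packets(data):
    """Yield each captured frame from a classic libpcap (.pcap) file image."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len

def readable_packets(data):
    """Return [(packet_index, readable_text)] for frames containing plaintext."""
    hits = []
    for index, frame in enumerate(iter_pcap_packets(data)):
        runs = READABLE.findall(frame)
        if runs:
            hits.append((index, b" | ".join(runs).decode("ascii")))
    return hits

def build_pcap(frames):
    """Pack frames into a little-endian pcap image (constructed sample input)."""
    image = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in frames:
        image += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return image

# Constructed frames: 14 dummy header bytes plus a payload. The first payload is
# a stand-in for ciphertext, the second is a plaintext HTTP request.
OPAQUE = bytes(14) + bytes((i * 37 + 11) % 256 for i in range(64))
PLAIN = bytes(14) + b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for index, text in readable_packets(build_pcap([OPAQUE, PLAIN])):
        print(f"packet {index} is readable: {text}")
```

Wireshark saves pcapng by default, which this parser rejects, so choose the pcap format when saving the trace. An empty result means no packet in the capture carried readable text, which is the same evidence the manual check gives.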
Hopefully this post will reassure you when you find out that your VPN connection is indeed securely encrypted! I know it made me feel so much better. If you have any questions about the programs or have problems interpreting the results, please leave a comment and I will try to help. Enjoy!