Maybe it's a little paranoid but better safe than sorry
I recently subscribed to a VPN service for my personal use so that my Internet connection from home is completely encrypted. With all the spying and hacking revelations going on these days, I don’t mind having a little bit of extra security on my side just in case. Once I had installed the software on my computer and connected to the VPN, it seemed to be working fine as far as I could tell.
However, being a techie person myself, I couldn’t just accept that everything was working without actually verifying that the encryption was enabled. So even though I hadn’t played around with a packet sniffer and protocol analyzer, I went ahead and downloaded a network utility that let me actually see the data being transferred back and forth from my computer.
I checked the connection when not connected to the VPN and captured some packets, and then did the same thing when connected. I was easily able to see that the data being transferred was actually encrypted when being sent to the VPN. In this article, I’ll show you how you can also verify that your connection is encrypted.
If you don’t have any technical expertise, don’t worry. All you need to do is press a record button, scroll through a list and check some text. You can ignore everything else as it’ll mostly be gibberish unless you know something about computers and networking. On the Mac we’re going to use CocoaPacketAnalyzer and on the PC we’re going to use Wireshark.
Verify Encryption on a Mac
Firstly, go ahead and download CocoaPacketAnalyzer on your Mac and run it. You should see the startup screen with four large buttons.
Capturing is what you’ll click on to start a capture of network traffic. If you save a capture session, it’s called a trace file and you can open those again later on using the second button. However, for our purposes, we just want to see that the data is encrypted and won’t really be saving any of these captures.
Before we perform a capture, go ahead and click on Preferences to set up how we are going to capture the data. Click on Capture at the top and the only setting we need to check here is Capture Interface.
First, be sure to press the little Refresh button that is located to the right of the list box. When you click on the box, you’ll see a couple of options, all of which look confusing as heck. The only ones you’ll need to choose from are the ones that have IPv4 listed with some numbers after it. You don’t need to pick the one that has 127.0.0.1. You’ll want to pick the one that has the IP address for the connection you’re currently using. You can figure this out by going to System Preferences and then clicking on Network.
Click on the connection that has the green dot in the list box on the left and then check the IP address field on the right-hand section. As you can see, it says 192.168.1.x, so that matches the en0 – IP4 – 192.168.1.68 option in the dropdown list in the program. Now go ahead and close the Capture Preferences window to get back to the main screen.
Go ahead and click on Capturing and you’ll now see a new dialog pop up where you can pick a few settings and then start the capture.
Here you don’t need to change anything for our purposes, so to get started you just need to press Start. Before you do, however, there are some things to note. Firstly, you should try to close all programs and taskbar programs that are running and only keep your browser window open. Network captures record tons of data and even a few seconds will result in more than a thousand rows of data. So to keep it simple, close everything and kill as many background processes as possible first, then click Start.
After doing that, immediately load one or two sites and then click Stop. You only want to capture for a few seconds and nothing more. It might even be a good idea to have the web addresses already typed into tabs in your browser and then you can just press Enter to load the pages once you start the capture.
Once you press Stop, you will see a window that looks like this:
Now this may look like absolute gibberish, but that’s fine. All you need to do is scroll through the list at the top, which is in table format and look at the data you see in the box in the lower right, which I highlighted above. Now since there are probably thousands of rows, you can just keep pressing the down arrow key fast and looking at the data change at the bottom.
If your VPN connection is actually encrypted, every line you scroll through should show data that looks like the data in the above image. Since it’s unreadable and just a bunch of random characters, it’s encrypted. With an encrypted connection, nothing should be readable for any row in all those thousands of rows. Now let me show you what you’ll see on an unencrypted connection, such as when you’re not connected to a VPN:
As you can see above, I can read a whole lot more stuff now that there is no encryption. I see I visited aseemkishore.com using a Mac and Safari and lots of other data. Not every packet will be this readable on an unencrypted connection, but for most packets you’ll be able to see the actual data, HTML code, protocol headers, etc. As I mentioned before, on an encrypted connection, not even a single packet will be understandable.
Verify Encryption on a PC
The process for checking on a PC is pretty much the same as I have shown above, except that you are using a different program called Wireshark. Once you download it, start it up and the home screen should look like this:
Like on the Mac, the first thing you’ll need to do is pick the interface (network interface) that you want to capture the data for. Click on Interface List and you’ll see the list of network interfaces. I like Wireshark a little better in that you can actually see how much data is being transferred on each interface, which makes it easy to see which one is the primary connection.
Go ahead and check the box next to the appropriate interface and then click Close. Now all you have to do is click on the Start button (below the Interface List button) and you’ll be good to go. You don’t have to change any other options or anything else for our purposes. Once you complete a capture, you should see a screen like this:
You may have to expand the window full-screen and then adjust the bottom and top panes accordingly, but as you can see the data is in the exact same format as CocoaPacketAnalyzer on the Mac. Scroll through the list at the top and make sure that the data section is complete gibberish, which means your connection is encrypted. If you’re able to read any words or text, it means the data is not being encrypted. Make sure you browse through at least a couple of hundred rows quickly using the arrow keys.
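The scroll-and-look check from both sections can also be run over a capture saved in classic pcap format. The following is an added example, not part of the original article: it lists every IPv4 TCP/UDP packet whose payload contains 16 or more readable characters in a row, which should be an empty list for a capture taken on the physical interface while the VPN is connected. The sample captures, the addresses, the UDP port 1194 endpoint and the 16-character threshold are constructed assumptions.

```python
import hashlib
import re
import struct

READABLE = re.compile(rb"[\x20-\x7e]{16,}")  # 16+ printable ASCII bytes in a row

def frames_in(pcap):
    """Yield raw frames from a classic little-endian pcap with Ethernet link type."""
    magic, linktype = struct.unpack_from("<I", pcap, 0)[0], struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a classic little-endian Ethernet pcap")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        yield pcap[off + 16 : off + 16 + caplen]
        off += 16 + caplen

def readable_packets(pcap):
    """Return (packet_no, dst_ip, dst_port, text) for TCP/UDP payloads holding readable text."""
    hits = []
    for no, f in enumerate(frames_in(pcap), 1):
        if len(f) < 34 or f[12:14] != b"\x08\x00":
            continue                              # only IPv4 is inspected in this sketch
        l4 = 14 + (f[14] & 0x0F) * 4              # start of the TCP/UDP header
        payload = b""
        if f[23] == 6 and len(f) >= l4 + 20:      # TCP: length from the data-offset nibble
            payload = f[l4 + (f[l4 + 12] >> 4) * 4 :]
        elif f[23] == 17 and len(f) >= l4 + 8:    # UDP: fixed 8-byte header
            payload = f[l4 + 8 :]
        if (m := READABLE.search(payload)):
            dport = struct.unpack_from("!H", f, l4 + 2)[0]
            hits.append((no, ".".join(map(str, f[30:34])), dport, m.group().decode()))
    return hits

def _frame(proto, dst, dport, payload):
    """Constructed Ethernet/IPv4 frame for the sample capture (checksums left at zero)."""
    l4 = (struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 0x50, 0x18, 65535, 0, 0) if proto == 6
          else struct.pack("!HHHH", 50000, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64, proto,
                     0, bytes([192, 168, 1, 68]), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def sample_capture(vpn_on):
    """Constructed capture; 203.0.113.10:1194 (VPN) and 198.51.100.7 (web) are assumed addresses."""
    http = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    noise = hashlib.sha256(b"a").digest() + hashlib.sha256(b"b").digest()  # ciphertext stand-in
    f = _frame(17, (203, 0, 113, 10), 1194, noise) if vpn_on else _frame(6, (198, 51, 100, 7), 80, http)
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + struct.pack("<IIII", 0, 0, len(f), len(f)) + f
```

To use it on your own capture, read the saved file's bytes and pass them to `readable_packets`. A site loaded over HTTPS produces unreadable payloads even without the VPN, so load a plain HTTP page when comparing the two captures.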
Hopefully this post will put your mind at ease once you know your VPN connection is actually securely encrypted! I know it made me feel a lot better. If you have any questions about the programs or are having trouble interpreting the results, post a comment and I’ll try to help. Enjoy!