I recently subscribed to a VPN service for personal use so that my internet connection from home is fully encrypted. With all the spying and hacking revelations happening these days, I don’t mind having a little extra security on my side just in case. Once I installed the software on the computer and connected to the VPN, it seemed to work fine as far as I could tell.
But being a techie myself, I couldn’t just accept that everything worked without actually verifying that the encryption was turned on. So while I hadn’t fiddled with a packet sniffer and protocol analyzer, I went ahead and downloaded a network utility that actually let me see the data being transferred back and forth from my computer.
I checked the connection when I was not connected to the VPN and captured some packets and did the same when I was connected. I could easily see that the data being transferred was actually encrypted when sent to the VPN. In this article I’ll show you how to check if your connection is also encrypted.
If you don’t have any technical expertise, don’t worry. All you have to do is press a record button, scroll through a list and check some text. You can ignore everything else as it will mostly be gibberish unless you know something about computers and networking. On the Mac we’ll be using CocoaPacketAnalyzer and on the PC we will be using Wireshark†
Verify encryption on a Mac
First off, go ahead and download CocoaPacketAnalyzer on your Mac and run it. You should see the startup screen with four large buttons.
Capture is what you click to start capturing network traffic. When you save a capture session, it is called a trace file and you can reopen it later with the second button. However, for our purposes, we just want to see that the data is encrypted and that this data is not actually stored.
Before we do a recording, go ahead and click Preferences to set how we will record the data. click on To establish at the top and the only setting we need to check here is Recording interface†
First, make sure to hit the little Refresh button that’s to the right of the drop-down list. When you click on the box, you see a number of options, all of which look confusing. The only ones to choose from are the ones with IPv4 with some numbers behind it. You don’t have to pick the one that has 127.0.0.1. You want to choose the one that has the IP address for the connection you are currently using. You can find out by going to System Preferences and then click Network†
Click the green dot connection in the drop-down list on the left, then check the IP address field on the right. As you can see it says 192.168.1.x so that matches the en0 – IP4 – 192.168.1.68 option from the drop-down list in the program. Now go ahead and close the Capture Preferences window to go back to the main screen.
Go ahead and click to establish and you will now see a new dialog pop up where you can choose a few settings and then start the capture.
Here you don’t need to change anything for our purposes, so to get started just press Get started† Before you do this, however, there are some things to note. First, you should try to close all running programs and taskbar programs and keep only your browser window open. Network captures tons of data and even a few seconds will result in over thousands of rows of data. So to keep it simple, close everything and kill as many background processes as possible first, then click Start.
Then immediately load one or two sites and then click Stop† You only want to capture a few seconds and nothing more. It might even be a good idea to already type the web addresses into tabs in your browser and then you can just press Enter to load the pages once you start capturing.
Once you press Stop, you will see a window that looks like this:
This may seem like pure gibberish, but that’s fine. All you need to do is scroll through the list at the top, which is in tabular format, and look at the data you see in the bottom right box, which I’ve highlighted above. Since there are probably thousands of rows, you can just keep pressing the down arrow quickly and look at the data change at the bottom.
If your VPN connection is actually encrypted, each line you scroll through should display data similar to the data in the image above. Since it is unreadable and contains only a few random characters, it is encrypted. With an encrypted connection, nothing should be readable for any row in all those thousands of rows. Now let me show you what you see on an unencrypted connection, for example when you are not connected to a VPN:
As you can see above I can read a lot more stuff now that there is no coding. I see that I visited aseemkishore.com with a Mac and Safari and lots of other data. Not every packet will be as readable on an unencrypted connection, but for most packets you can see the actual data, HTML code, protocol headers, etc. As I said before, on an encrypted connection, not even a single packet will be understandable.
Verify encryption on a PC
The process for checking on a PC is much the same as I showed above, except you use another program called Wireshark. Once you’ve downloaded it, launch it and the home screen should look like this:
Just like on the Mac, you must first choose the interface (network interface) for which you want to capture the data. Click Interface List and you will see the list of network interfaces. I like Wireshark a bit better because you can see how much data is being transferred on each interface, making it easy to see which is the primary connection.
Go ahead and check the box next to the appropriate interface and then click Close to† Now all you have to do is click the Start button (below the Interface List button) and you’re good to go. You do not need to change any other options or anything for our purposes. Once you’ve completed a recording, you should see a screen like this:
You may need to expand the window to full screen and then adjust the bottom and top panels accordingly, but as you can see, the data is exactly the same size as CocoaPacketAnalyzer on the Mac. Scroll through the list at the top and make sure the data part is completely gibberish, meaning your connection is encrypted. If you can read words or text, it means that the data is not encrypted. Make sure to quickly scroll through at least a few hundred rows using the arrow keys.
Hopefully this post will put your mind at ease once you know that your VPN connection is truly securely encrypted! I know it made me feel a lot better. If you have any questions about the programs or have trouble interpreting the results, post a comment and I’ll try to help. Enjoying!