test connection encryption

Discussion in 'privacy problems' started by lurningcerv, Oct 12, 2013.

Thread Status:
Not open for further replies.
  1. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    How can I easily test that a connection is encrypted? I've tried Wireshark, but so far it leaves a lot of unknowns. For example, I'm not sure in Wireshark where I'm intercepting the traffic. Another problem with Wireshark is that the only way that I'm aware of testing the traffic is by visually checking packets one at a time. This is obviously not good enough. Isn't there some software that can do an automated bulk check, or even a continuous monitoring of the connection for encryption?

    This question has been asked before in Wilder's. I've seen the thread and there is no good solution there yet.
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    99% of the time, running Wireshark and sorting by IP so you can see that your IP connects to the VPN server and the VPN server connects to you, the only other data should be connections back and forth from your computer to your router. Most VPN companies force encryption, so if you're connected you are encrypted.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    You can use "Follow UDP Stream" or "Follow TCP Stream" (as appropriate). Then you should see a lot of random garbage, and nothing meaningful. If you do that, for example, with an unencrypted webpage, you can save the output as a file, and open it with a browser.
     
  4. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    Thank you for the comments, but so far, Wireshark has only raised a lot of questions for me.

    (1) Wireshark installs a keylogger, which I blocked. Blocking the keylogger appears to cause some problems with the way WS works, for example in saving files. I can work around it, but if there is any WS version that does not install a keylogger, I would like to know about it.
    (2) I am seeing a huge number of conversations to many IP addresses using many protocols. This is even when my VPN software says I am connected to the VPN server using OpenVPN. For example, looking at the "conversations" screen, I see Ethernet 13, IPv4, IPv6, TAP, and UDP.
    (3) In some cases, someone appears to be resetting my connection. It didn't happen today, but yesterday I was looking at the interfaces and they would "zero out" every now and then, which I don't think should be happening.
    (4) I need an example of what I should be seeing when I'm connected to the net through a VPN. What I am seeing now is not what I expected, and it does not appear to be what those who responded to my question are describing.
     
  5. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    66
    What? Wireshark doesn't have a keylogger as far as I know. Can you provide more detail? How did you notice this? Where did you download Wireshark from?
     
  6. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I hate how this forum uploads images. I will just link you. (http://i.imgur.com/6ibaaAy.png) This is how your traffic through Wireshark should look. "Taken from my PC"

    Notice how it's my local number 192.168.0.6 connecting to the VPN server, and the VPN server connecting back and nothing else. You also should note the use of HTTPS port (443) and (UDP) being the protocol which is normal for most VPNs. You can see in the bottom right corner I'm using BolehVPN.

    You must make sure to run Wireshark on your main adapter, and not your TAP-9 adapter or you will see your unencrypted data, the only one that matters is your normal one and not the TAP-9.

    Wireshark has not got a keylogger, he is being silly.
     
  7. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I use this guy's site:

    I enabled security.tls.version.max to 3 in Firefox's about:config, and used his site to test.

    PD

    Edit: OK, disregard, thought you meant the browser
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    How did you come to this conclusion?
     
  9. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    probably with the help(!) of a false positive provided by a mediocre security software. :p
     
  10. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    Regarding Wireshark keylogger, Online Armor detects "programs capable of recording your keystrokes", see attachment.
     

    Attached Files:

  11. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
  12. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    Thank you for the image of the Wireshark output. It does not look like what I was getting. I intend to check this out to find out why in a few days.
     
  13. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    imdb: Thank you for the comment on Online Armor keylogger detection. I read Nash's post and all that says to me is that maybe the keylogging is not used to detect your passwords and maybe it is. So I'm supposed to whitelist a keylogger based on what somebody out there on the internet says? Doesn't make sense to me. I'll continue blocking these. Most software doesn't need to log keystrokes, and since it's a security risk.

    I'm still having the same issues with WS. It's unstable in my computer, sometimes locks up. Also, it's showing very strange stream outputs that are not what people are telling me is what I should expect.
     
  14. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    you're welcome, but it's not "somebody out there on the internet". it's mike nash, the ceo and founding member of tall emu, the very company that created online armor software.

    in 2010, online armor was acquired by emsisoft. here:
    http://www.emsisoft.com/en/kb/articles/news100701/
     
  15. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    Thank you for the output. I'm still working on it. My output in some cases looks essentially the same, but sometimes quite different. Very often I'm getting numerous other protocols - ARP, SSDP, NBNS, ICMPv6, and some others - along with the UDP or TCP stream. Also, I'm getting reset by someone, probably my ISP, even when I'm active online. But I appreciate the sample stream you provided.
     
  16. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Lots of those requests are normal, you should disable everything but IPv4 in your network adapters and disable the adapters you're not using. If those requests are just being sent back and forth from your router to your computer that's normal, and in most cases is just your router and computer checking to see if each other are still there.
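
The checks suggested in this thread (on the physical adapter, only the VPN server and LAN peers should appear, and tunnel contents should look random) can be run over a whole capture instead of packet by packet. This is an added example, not code from any poster; the `audit` function, the documentation-range addresses, the `(src, dst, payload)` tuple format and the 7.0 bits/byte threshold are assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def audit(packets, local_ip, vpn_ip, lan="192.168.0.0/24", min_entropy=7.0):
    """Return {peer: reason} for every conversation that is not tunnel traffic.

    packets: (src, dst, payload) tuples captured on the physical adapter.
    """
    by_peer = defaultdict(bytes)
    for src, dst, payload in packets:
        by_peer[dst if src == local_ip else src] += payload
    findings = {}
    for peer, data in by_peer.items():
        addr = ip_address(peer)
        if peer == vpn_ip:
            h = entropy(data)
            if h < min_entropy:
                findings[peer] = f"tunnel payload entropy {h:.2f} bits/byte"
        elif addr in ip_network(lan) or addr.is_multicast:
            continue  # router and LAN chatter (SSDP, NBNS, ...)
        else:
            findings[peer] = "traffic outside the tunnel"
    return findings

# Constructed sample: pseudo-random bytes stand in for OpenVPN ciphertext.
ME, VPN = "192.168.0.6", "203.0.113.10"
CIPHER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n" * 20
SAMPLE = [
    (ME, VPN, CIPHER), (VPN, ME, CIPHER[::-1]),
    (ME, "239.255.255.250", b"M-SEARCH * HTTP/1.1\r\n"),   # SSDP on the LAN
    ("192.168.0.1", ME, b"router keepalive"),
    (ME, "198.51.100.7", HTTP),                             # leak past the VPN
]

if __name__ == "__main__":
    for peer, reason in audit(SAMPLE, ME, VPN).items():
        print(peer, "->", reason)
```

High entropy also describes compressed data, so a clean result is a sanity check on the capture and not proof of encryption.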
     