This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I tell if my connection is encrypted?

0

I set up a VPN using SoftEther VPN software, but I don't know if my web communications are encrypted. In the software, I have L2TP/IPsec and AES-256-SHA checked off/enabled, but I want to be sure that I'm not transmitting data that isn't unencrypted. Both of the computers are running Windows 7. I downloaded Wireshark, but I don't know how I can tell if the packets I send out are secure/encrypted.

TL;DR

Connected to VPN in my house. Enabled encryption in software, want to see if the packets are encrypted. How do I find encrypted packets and be sure that the connection is encrypted?

asked 30 Jul '13, 12:15

MastaChief11
1124
accept rate: 0%

edited 31 Jul '13, 10:55


3 Answers:

2

Connected to VPN in my house. Enabled encryption in software, want to see if the packets are encrypted. How do I find encrypted packets and be sure that the connection is encrypted?

Without a VPN tunnel you would not be able to connect to any of your internal 'home/house' IP addresses from any location on the internet. So just by applying logical thinking, you can conclude that encryption (or at least some tunnel technology) is in place if you are able to connect to those IP addresses, right?

Using Wireshark, you should see the encryption protocols you described if you capture the communication off-box (that is, in front of any of the involved systems). You will see those encrypted packets with this display filter

l2tp or isakmp or esp

as long as you really use those tunnel protocols!

If you capture the traffic on-box (means the VPN client), it depends on the internals of the VPN client if Wireshark sees the unencrypted or the encrypted traffic. I can't tell, as I don't know SoftEther VPN. Just try it and you'll see...

Regards
Kurt

answered 08 Aug '13, 02:37

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

On the server, I sometimes see TLSv1 packets being sent from the server to the client, and the client to the server. Within these packets, I see that it says Secure Sockets Layer. However, I also see packets that are not encrypted, such as ones that are labeled TCP and UDP.

(08 Aug '13, 06:03) MastaChief11

I sometimes see TLSv1 packets being sent from the server to the client,

that could be simply HTTPS or an SSL based VPN.

(08 Aug '13, 14:20) Kurt Knochner ♦

On the client, I have something similar to "Encrypt connection with Secure Sockets Layer" checked off. Are you saying that my connection is encrypted?

(08 Aug '13, 17:03) MastaChief11
1

Are you saying that my connection is encrypted?

No. I am saying, that there seems to be a TLS/SSL secured connection between your client and your VPN Server. That could be

  • a TLS/SSL based VPN Tunnel, although you say you disabled that feature
  • the Admin GUI of the VPN Server, if you had that open from the client in parallel: https://vpnserver/admin/xzy.
  • Anything else that is hosted on the server that is your VPN server and your client was accessing that via HTTPS.

So, to come back to your original question, how you can verify if the connection is encrypted or not?

As you did not give any details about your network setup, let's just assume a standard setup.

VPN Client (10.1.1.x) --- Internet Router --- Internet -- VPN Server -- Internal/Home Server (192.168.1.x)

Please replace my sample IPs with the ones in your environment!

If you establish a VPN Tunnel from your client and you do a ping from 10.1.1.x to 192.168.1.x (CLI: ping 192.168.1.x), do you see that ping in the capture file?

If you can't see the ping (Display Filter: icmp) in the capture file and you get a response on the CLI, then there is a pretty good chance, that the VPN tunnel is established and the communication is encrypted (see my argument about applying logical thinking in my answer ;-)).

If you do see the ping in the capture file, then we really need more detailed information about your network setup.

(09 Aug '13, 05:08) Kurt Knochner ♦
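The two checks described so far (look for the tunnel protocols in an off-box capture, then see whether a ping to the inner network shows up in clear) can be sketched in Python. This is an added example, not part of the original thread; the addresses, the sample packets and the `check_capture` helper are constructed for illustration, and it assumes raw IPv4 packets taken from the wire.

```python
import ipaddress
import struct
from collections import Counter

# Constructed sample addresses following the topology sketched above.
CLIENT, VPN_SERVER, INNER_HOST = "10.1.1.5", "203.0.113.10", "192.168.1.20"
INNER_NET = ipaddress.ip_network("192.168.1.0/24")   # network behind the VPN server
PROTECTED = {"esp", "isakmp", "tls", "nat-keepalive"}  # tunnel or key-exchange traffic

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum 0; used only as sample input)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def tcp(sport, dport, data):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data

def classify(pkt):
    """Name the outermost protocol of one raw IPv4 packet, as seen on the wire."""
    body = pkt[(pkt[0] & 0x0F) * 4:]
    proto = pkt[9]
    if proto == 50:
        return "esp"
    if proto == 1:
        return "icmp"
    if proto == 17:
        ports = set(struct.unpack("!HH", body[:4]))
        data = body[8:]
        if 500 in ports:
            return "isakmp"
        if 4500 in ports:
            if data == b"\xff":
                return "nat-keepalive"
            # NAT traversal: IKE is prefixed with four zero bytes, ESP is not.
            return "isakmp" if data[:4] == b"\x00" * 4 else "esp"
        # L2TP visible on the wire means it is not wrapped in IPsec.
        return "l2tp" if 1701 in ports else "udp-other"
    if proto == 6:
        data = body[(body[12] >> 4) * 4:]
        # TLS record header: content type 20..23, protocol version 3.x
        if len(data) >= 5 and 20 <= data[0] <= 23 and data[1] == 3:
            return "tls"
        return "tcp-other"
    return "other"

def check_capture(packets):
    """Count protocols and list cleartext packets that touch the inner network."""
    counts, leaks = Counter(), []
    for pkt in packets:
        kind = classify(pkt)
        counts[kind] += 1
        src, dst = ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20])
        if kind not in PROTECTED and (src in INNER_NET or dst in INNER_NET):
            leaks.append((str(src), str(dst), kind))
    return counts, leaks

# Constructed packets: IKE, IKE and ESP over NAT traversal, native ESP, a TLS record.
ESP = struct.pack("!II", 0xC0FFEE01, 1) + bytes(range(64))   # SPI, sequence, opaque body
TUNNELED = [
    ipv4(CLIENT, VPN_SERVER, 17, udp(500, 500, bytes(28))),
    ipv4(CLIENT, VPN_SERVER, 17, udp(4500, 4500, bytes(4) + bytes(28))),
    ipv4(CLIENT, VPN_SERVER, 17, udp(4500, 4500, ESP)),
    ipv4(VPN_SERVER, CLIENT, 50, ESP),
    ipv4(CLIENT, VPN_SERVER, 6, tcp(52127, 443, b"\x17\x03\x01\x00\x10" + bytes(16))),
]
# Same capture plus an echo request to the inner host that bypassed the tunnel.
LEAKING = TUNNELED + [ipv4(CLIENT, INNER_HOST, 1, b"\x08\x00\x00\x00abcd")]

if __name__ == "__main__":
    for name, capture in (("tunneled", TUNNELED), ("leaking", LEAKING)):
        print(name, *check_capture(capture))
```

An empty leak list only says that nothing addressed to the inner network was seen in clear; as the answer notes, a capture taken on the VPN client itself may show traffic before or after encryption.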

The VPN Server that I am using is within my house, and on the same network that my client is on. I have SSL enabled within the client, but I don't know if TLS is enabled.

This is my setup (this is the equipment that I have, I'm not sure if this is the correct order):

VPN Client - VPN Server - Router - Internet

Should I type this into my Wireshark console (without the things in parenthesis)?

(Client) 192.168.1.134 --- (Server) 192.168.1.132 --- (Router) 192.168.1.1 -- (Public IP) 50.censored

I apologize for my inexperience.

(10 Aug '13, 06:00) MastaChief11
1

(Client) 192.168.1.134

is this your VPN client (the system that runs the VPN client software) or the system you connect to from the internet, using a VPN client on a laptop?

I have SSL enabled within the client, but I don't know if TLS is enabled.

SSL and TLS are almost the same (from a very high-level view - there are of course technical differences). Anyway, if you have enabled SSL, your VPN tunnel traffic (encrypted traffic) will appear as SSL (or TLS) protocol in Wireshark.

(10 Aug '13, 06:11) Kurt Knochner ♦

The IP that I listed as the client is running as the VPN client (it's running the VPN client software). This is a snapshot I took of Wireshark on my server last week.

http://www.vpnusers.com/download/file.php?id=117&mode=view

I noticed that not all of the packets are labeled TLSv1. The packet data on the lower half of the image is from the TLSv1 packet.

(10 Aug '13, 07:13) MastaChief11
1

The IP that I listed as the client is running as the VPN client (it's running the VPN client software).

O.K. what are you trying to do? Having a VPN Tunnel in the local network (client and VPN server are in the same subnet), is only useful in certain environments. Is this just a test?

The UDP packets in the screenshot could be part of the VPN tunnel. As I don't know your VPN software, I can't tell you.

please run the following commands on both the client and the server.

netstat -nab > netstat_client.txt
netstat -nab > netstat_server.txt

The command may take a few seconds, don't interrupt it! Please run the command as Administrator (e.g. in an elevated DOS box). Then post the content of text files here. I'm interested in the 'owner' of port 40000 (safetynetp).

The rest (SSL/TLS/https) is either part of the VPN tunnel or (as I already mentioned), the web admin GUI of the server, if that runs on port tcp/443 (https).

(10 Aug '13, 10:48) Kurt Knochner ♦

I wanted to get the VPN working at my house first (be sure I can connect to it, that it's encrypted, etc.), and then bring it to an office. The server does listen on port 443, and the client is configured to connect to the server via port 443.

I typed in "netstat -nab > netstat_client.txt" (as an Administrator), but it just skipped to the next line. However, typing only "netstat" did work, and this is the result.

imgur.com/sOAR6vX

Where would the file generate if the command worked?

Both computers are running Windows 7 64 Bit.

(11 Aug '13, 05:43) MastaChief11

I wanted to get the VPN working at my house first (be sure I can connect to it, that it's encrypted, etc.), and then bring it to an office.

well, then you will be able to establish a VPN tunnel, but you will not get any answer if you try to connect something through the tunnel, unless you simulated the office environment at your home.

I typed in "netstat -nab > netstat_client.txt" (as an Administrator), but it just skipped to the next line. However, typing only "netstat" did work, and this is the result.

I need the output of the file netstat_client.txt (command run on the client) and netstat_server.txt (command run on the client). Both files will be created in the same directory where you executed the netstat command.

and this is the result. imgur.com/sOAR6vX

Unfortunately that does not help for two reasons.

  1. You ran the command only on the client
  2. You ran the command without option -b (actually -nab)!

The server does listen on port 443, and the client is configured to connect to the server via port 443.

O.K. then there is no reason why the traffic should not be encrypted, however, as I said above, you will have a hard time to test the tunnel, as you won't get an answer from anything "after" the tunnel, unless you simulated parts of the office environment at your home. BTW: What is the IP subnet in the office? If it is also 192.168.1.0/24, then you won't be able to test anything at your home, because the client and the systems that are supposed to be located 'behind' the VPN tunnel are in the same subnet!

(11 Aug '13, 11:30) Kurt Knochner ♦

I had to post this as an answer because I can't post more than 2500 characters if I post a comment. I censored a couple lines just in case they had sensitive information in them, but not much. This is the client file. I will post the server file very soon (within 15 minutes). As of 5:17 P.M., I removed the information pertaining to my antivirus.


(11 Aug ‘13, 14:05) MastaChief11

this is the output of the client. Can you please add the output of the server as well? I’m still trying to find port 40000 to figure out if that belongs to the VPN.

BTW: What is the IP subnet in the office? If it is also 192.168.1.0/24, then you won’t be able to test anything at your home, because the client and the systems that are supposed to be located ‘behind’ the VPN tunnel are in the same subnet!

(11 Aug ‘13, 14:15) Kurt Knochner ♦

This is the server netstat output. .132 is the server, and .134 is the client. I found port 40000, and I highlighted and italicized it to make it easier to find (it’s 2/3 of the way down). I won’t be able to get the subnet at this moment, but I will find out when I can get there.


(11 Aug ‘13, 14:28) MastaChief11
1

As you can see, port udp/40000 also belongs to the VPN solution.

 UDP    192.168.1.132:40000    *:*
[vpnserver_x64.exe]

If that is however VPN traffic (encrypted payload) or some form of status/management protocol, I can’t tell you.

To sum it up. It looks like your VPN solution works (kind of). If you move the solution to the office, you may have to open more than just port tcp/443 on your office firewall to make the VPN work (port udp/40000 seems to be involved as well). However, that is ‘a bit’ off topic for this site and you better ask that question in the forum of the vendor.

(11 Aug ‘13, 14:42) Kurt Knochner ♦

As long as it is at my home, the ports won’t need to be opened in order for the VPN to work properly (although I do have two of the ports that the VPN listens on open), and connection to be encrypted, correct?

(11 Aug ‘13, 18:35) MastaChief11
1

As long as it is at my home, the ports won’t need to be opened in order for the VPN to work properly

Yes, as there is no firewall between the client and the server, except the Windows 7 firewall, which is (most certainly) automatically configured (during installation of the VPN software) to make the VPN work.

(12 Aug ‘13, 05:46) Kurt Knochner ♦

Would I be correct to say that the VPN works, but there is no way to be sure that the packets are encrypted, but it is very likely that they are encrypted?

(12 Aug ‘13, 08:07) MastaChief11

sounds reasonable.

(12 Aug ‘13, 14:19) Kurt Knochner ♦

0

Watch the stream and look for negotiation using defined encryption protocols. If you know the data is compressed with bzip2, look for the strings 0x314159265359 and 0x177245385090. Unless headers are totally stripped out, they'll appear once for every block. You can take a guess at whether data is encrypted by following the stream and checking for entropy. The more entropy per bit, the more likely you're seeing encryption. This unfortunately applies to compression as well.

I would say that you can discern known encrypted, or known unencrypted. Differentiating encryption or compression would take a while and involve more complex code without header information for magic strings (like above) to give it away.

Regards http://www.education4world.net/

answered 24 Aug '13, 12:13

Ali Hassan
1
accept rate: 0%
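The entropy check and the bzip2 markers from the answer above, as an added Python example that is not part of the original post. The sample data is constructed, random bytes stand in for ciphertext, and the 7.5 bits-per-byte threshold is an assumption chosen for illustration.

```python
import bz2
import math
import os
import random
from collections import Counter

BLOCK_MAGIC = bytes.fromhex("314159265359")  # starts every bzip2 block
EOS_MAGIC = bytes.fromhex("177245385090")    # bzip2 end-of-stream marker

def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_bit_aligned(data, magic):
    """Bit offsets of `magic` in `data`, at any bit alignment.

    Only the first bzip2 block starts on a byte boundary; later blocks and the
    end-of-stream marker follow wherever the previous bit stream ended, so a
    plain byte-string search misses most of them.
    """
    n = int.from_bytes(data, "big")
    hits = []
    for shift in range(8):
        shifted = (n >> shift).to_bytes(len(data), "big")
        start = shifted.find(magic)
        while start != -1:
            if start * 8 - shift >= 0:
                hits.append(start * 8 - shift)
            start = shifted.find(magic, start + 1)
    return sorted(hits)

def describe(payload, threshold=7.5):
    """Label a reassembled stream payload by its markers, then by its entropy."""
    if payload[:3] == b"BZh" and find_bit_aligned(payload, BLOCK_MAGIC):
        return "bzip2"
    if entropy_bits_per_byte(payload) > threshold:
        return "high entropy: encrypted or compressed"
    return "low entropy: likely cleartext"

# Constructed sample inputs: word salad as cleartext, its bzip2 form (level 1,
# so the input spans several 100k blocks), and random bytes of the same length
# standing in for the output of a sound cipher.
WORDS = ["packet", "tunnel", "cipher", "client", "server", "router", "filter",
         "stream", "header", "tcp", "udp", "esp", "ike", "tls", "vpn", "ping"]
rng = random.Random(2013)
CLEARTEXT = " ".join(rng.choice(WORDS) for _ in range(40000)).encode()
COMPRESSED = bz2.compress(CLEARTEXT, 1)
RANDOM_LIKE = os.urandom(len(COMPRESSED))

if __name__ == "__main__":
    for name, blob in (("cleartext", CLEARTEXT), ("bzip2", COMPRESSED),
                       ("random", RANDOM_LIKE)):
        print(f"{name:9} {entropy_bits_per_byte(blob):.3f} bits/byte  {describe(blob)}")
    print("block magic at bit offsets:", find_bit_aligned(COMPRESSED, BLOCK_MAGIC))
```

The compressed and random samples score almost the same, which is the limitation the answer points out: entropy separates cleartext from everything else, and only the markers tell compression apart from encryption.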

0

Set up an access point on your Mac, connect your phone. Ensure all your webpages on your phone are using HTTPS, and not HTTP.

Install a packet analyzer like Packet Peeper, Cocoa, or Wireshark on your Mac, and take samples while you transmit data with the phone.

Take a look at the packets and their headers, all should be unreadable.

Regards http://www.virtualians.pk/

answered 24 Aug '13, 12:14

Irfan Khan
1
accept rate: 0%

Thanks for your help, Irfan, but I don't use Macs. Your suggestion is still appreciated though.

(30 Aug '13, 15:44) MastaChief11