This is our old Q&A Site. Please post any new questions and answers at

as i have been reading , when using a VPN most stuff on wireshark should be basically unreadable.. so.. when it comes to DNS why can i see everything that is happening on the dns side of things? it all comes through in plain text to wireshark eg: or

152755  2108.687994000   DNS 76  Standard query 0x381f  A

and so forth i have no dns leaks.. tried on and a few n so forth im using Airvpn and cyberghost sepeartly mind you, and it is plain as day the dns requests.. are they scrambled through the vpn tunnel and spat out so only wireshark and my pc can read these or if i can see them so can everybody else? im sorry i dont know how to post a screen dump so maybe ill post on imgur if thats ok thank you

asked 24 Sep '15, 00:43

nitehawk's gravatar image

accept rate: 0%

edited 24 Sep '15, 01:49

grahamb's gravatar image

grahamb ♦

im going to post to expire box as i cannot work cloudshark. ive posted a snippet of time with vpn running i usew firefox tried another browser..Edge but it gave me the same thing im beginning to think its normal..


CMD routes

(24 Sep '15, 13:29) nitehawk

Only traffic sent through the VPN tunnel will be encrypted. Depending on the tunnel configuration it will either scoop up all traffic or only traffic for a particular destination, I'm not familiar with either of the VPN systems you mention so don't know if they can be configured to route all traffic into the tunnel.

It would appear that at least some of your DNS traffic isn't being sent via the tunnel.

This isn't really a Wireshark question, more about your VPN Config. You'll probably get better support on the forums for the VPN's you are using.

permanent link

answered 24 Sep '15, 01:56

grahamb's gravatar image

grahamb ♦
accept rate: 22%

hi , thanks for your awnser , im asking if its normal.. all traffic is going through VPN with both.. im on windows 10 with native program for each provider (their vpn program)

so im just trying to figure out why i can see things in wireshark in plain text if its supposed to be encrypted.. unless dns does something diffrent maybe someone else might know.

(24 Sep '15, 02:06) nitehawk

The vpn client will modify your routing table to direct traffic into the tunnel (use route print from a command line prompt).

The network resolver built into Windows just issues DNS requests to the configured DNS servers, then it's up to the network routing as to where those requests are sent.

You'll probably have to post a capture file to get any further, showing this DNS request and some encrypted vpn traffic. You could also post the contents of your routing table when the vpn is running as a comment here.

Can you share a capture in a publicly accessible spot, e.g. CloudShark, Google Drive, Dropbox, and post the link back here?

(24 Sep '15, 07:27) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 24 Sep '15, 00:43

question was seen: 22,799 times

last updated: 25 Sep '15, 02:57

p​o​w​e​r​e​d by O​S​Q​A