I set up a VPN using SoftEther VPN software, but I don't know if my web communications are encrypted. In the software, I have L2TP/IPsec and AES-256-SHA checked off/enabled, but I want to be sure that I'm not transmitting data that isn't unencrypted. Both of the computers are running Windows 7. I downloaded Wireshark, but I don't know how I can tell if the packets I send out are secure/encrypted.

TL;DR

Connected to VPN in my house. Enabled encryption in software, want to see if the packets are encrypted. How do I find encrypted packets and be sure that the connection is encrypted?

asked 30 Jul '13, 12:15

MastaChief11

edited 31 Jul '13, 10:55


Connected to VPN in my house. Enabled encryption in software, want to see if the packets are encrypted. How do I find encrypted packets and be sure that the connection is encrypted?

Without a VPN tunnel you would not be able to connect to any of your internal 'home/house' IP addresses from any location on the internet. So just by applying logical thinking, you can conclude that encryption (or at least some tunnel technology) is in place if you are able to connect to those IP addresses, right?

Using Wireshark, you should see the encryption protocols you described if you capture the communication off-box (that is, in front of any of the involved systems). You will see those encrypted packets with this display filter:

l2tp or isakmp or esp

as long as you really use those tunnel protocols!

If you capture the traffic on-box (means the VPN client), it depends on the internals of the VPN client if Wireshark sees the unencrypted or the encrypted traffic. I can't tell, as I don't know SoftEther VPN. Just try it and you'll see...

Regards
Kurt

answered 08 Aug '13, 02:37

Kurt Knochner ♦

On the server, I sometimes see TLSv1 packets being sent from the server to the client, and the client to the server. Within these packets, I see that it says Secure Sockets Layer. However, I also see packets that are not encrypted, such as ones that are labeled TCP and UDP.

(08 Aug '13, 06:03) MastaChief11

I sometimes see TLSv1 packets being sent from the server to the client,

that could be simply HTTPS or an SSL based VPN.

(08 Aug '13, 14:20) Kurt Knochner ♦

On the client, I have something similar to "Encrypt connection with Secure Sockets Layer" checked off. Are you saying that my connection is encrypted?

(08 Aug '13, 17:03) MastaChief11
1

Are you saying that my connection is encrypted?

No. I am saying that there seems to be a TLS/SSL secured connection between your client and your VPN Server. That could be

  • a TLS/SSL based VPN Tunnel, although you say you disabled that feature
  • the Admin GUI of the VPN Server, if you had that open from the client in parallel: https://vpnserver/admin/xzy.
  • Anything else that is hosted on the server that is your VPN server and your client was accessing that via HTTPS.

So, to come back to your original question: how can you verify if the connection is encrypted or not?

As you did not give any details about your network setup, let's just assume a standard setup.

VPN Client (10.1.1.x) --- Internet Router --- Internet -- VPN Server -- Internal/Home Server (192.168.1.x)

Please replace my sample IPs with the ones in your environment!

If you establish a VPN Tunnel from your client and you do a ping from 10.1.1.x to 192.168.1.x (CLI: ping 192.168.1.x), do you see that ping in the capture file?

If you can't see the ping (Display Filter: icmp) in the capture file and you get a response on the CLI, then there is a pretty good chance that the VPN tunnel is established and the communication is encrypted (see my argument about applying logical thinking in my answer ;-)).

If you do see the ping in the capture file, then we really need more detailed information about your network setup.

(09 Aug '13, 05:08) Kurt Knochner ♦

The VPN Server that I am using is within my house, and on the same network that my client is on. I have SSL enabled within the client, but I don't know if TLS is enabled.

This is my setup (this is the equipment that I have, I'm not sure if this is the correct order):

VPN Client - VPN Server - Router - Internet

Should I type this into my Wireshark console (without the things in parenthesis)?

(Client) 192.168.1.134 --- (Server) 192.168.1.132 --- (Router) 192.168.1.1 -- (Public IP) 50.censored

I apologize for my inexperience.

(10 Aug '13, 06:00) MastaChief11
1

(Client) 192.168.1.134

is this your VPN client (the system that runs the VPN client software) or the system you connect to from the internet, using a VPN client on a laptop?

I have SSL enabled within the client, but I don't know if TLS is enabled.

SSL and TLS are almost the same (from a very high-level view - there are of course technical differences). Anyway, if you have enabled SSL, your VPN tunnel traffic (encrypted traffic) will appear as SSL (or TLS) protocol in Wireshark.

(10 Aug '13, 06:11) Kurt Knochner ♦

The IP that I listed as the client is running as the VPN client (it's running the VPN client software). This is a snapshot I took of Wireshark on my server last week.

http://www.vpnusers.com/download/file.php?id=117&mode=view

I noticed that not all of the packets are labeled TLSv1. The packet data on the lower half of the image is from the TLSv1 packet.

(10 Aug '13, 07:13) MastaChief11
1

The IP that I listed as the client is running as the VPN client (it's running the VPN client software).

O.K. what are you trying to do? Having a VPN Tunnel in the local network (client and VPN server are in the same subnet), is only useful in certain environments. Is this just a test?

The UDP packets in the screenshot could be part of the VPN tunnel. As I don't know your VPN software, I can't tell you.

Please run the following commands on both the client and the server.

netstat -nab > netstat_client.txt
netstat -nab > netstat_server.txt

The command may take a few seconds, don't interrupt it! Please run the command as Administrator (e.g. in an elevated DOS box). Then post the content of text files here. I'm interested in the 'owner' of port 40000 (safetynetp).

The rest (SSL/TLS/https) is either part of the VPN tunnel or (as I already mentioned), the web admin GUI of the server, if that runs on port tcp/443 (https).

(10 Aug '13, 10:48) Kurt Knochner ♦

I wanted to get the VPN working at my house first (be sure I can connect to it, that it's encrypted, etc.), and then bring it to an office. The server does listen on port 443, and the client is configured to connect to the server via port 443.

I typed in "netstat -nab > netstat_client.txt" (as an Administrator), but it just skipped to the next line. However, typing only "netstat" did work, and this is the result.

imgur.com/sOAR6vX

Where would the file generate if the command worked?

Both computers are running Windows 7 64 Bit.

(11 Aug '13, 05:43) MastaChief11

I wanted to get the VPN working at my house first (be sure I can connect to it, that it's encrypted, etc.), and then bring it to an office.

Well, then you will be able to establish a VPN tunnel, but you will not get any answer if you try to connect to something through the tunnel, unless you simulated the office environment at your home.

I typed in "netstat -nab > netstat_client.txt" (as an Administrator), but it just skipped to the next line. However, typing only "netstat" did work, and this is the result.

I need the output of the file netstat_client.txt (command run on the client) and netstat_server.txt (command run on the client). Both files will be created in the same directory where you executed the netstat command.

and this is the result. imgur.com/sOAR6vX

Unfortunately that does not help for two reasons.

  1. You ran the command only on the client
  2. You ran the command without option -b (actually -nab)!

The server does listen on port 443, and the client is configured to connect to the server via port 443.

O.K. then there is no reason why the traffic should not be encrypted, however, as I said above, you will have a hard time to test the tunnel, as you won't get an answer from anything "after" the tunnel, unless you simulated parts of the office environment at your home. BTW: What is the IP subnet in the office? If it is also 192.168.1.0/24, then you won't be able to test anything at your home, because the client and the systems that are supposed to be located 'behind' the VPN tunnel are in the same subnet!

(11 Aug '13, 11:30) Kurt Knochner ♦

I had to post this as an answer because I can't post more than 2500 characters if I post a comment. I censored a couple lines just in case they had sensitive information in them, but not much. This is the client file. I will post the server file very soon (within 15 minutes). As of 5:17 P.M., I removed the information pertaining to my antivirus.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:9930           0.0.0.0:0              LISTENING
 [vpnclient_x64.exe]
  TCP    0.0.0.0:9983           0.0.0.0:0              LISTENING
 [vpnclient_x64.exe]
  TCP    0.0.0.0:12025          0.0.0.0:0              LISTENING
 [nvstreamsvc.exe]
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING

 [wininit.exe]
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING

  eventlog
 [svchost.exe]
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING

  Schedule
 [svchost.exe]
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING

 [services.exe]
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING

  PolicyAgent
 [svchost.exe]
  TCP    0.0.0.0:49158          0.0.0.0:0              LISTENING

 [lsass.exe]
  TCP    127.0.0.1:2559         0.0.0.0:0              LISTENING

 [daemonu.exe]
  TCP    127.0.0.1:2559         127.0.0.1:52380        TIME_WAIT

  TCP    127.0.0.1:5905         127.0.0.1:49179        ESTABLISHED

 [nvstreamsvc.exe]
  TCP    127.0.0.1:5905         127.0.0.1:49180        ESTABLISHED

 [nvstreamsvc.exe]
  TCP    127.0.0.1:5905         127.0.0.1:49181        ESTABLISHED

 [nvstreamsvc.exe]
  TCP    127.0.0.1:5905         127.0.0.1:49182        ESTABLISHED

 [nvstreamsvc.exe]
  TCP    127.0.0.1:5905         127.0.0.1:49183        ESTABLISHED

 [nvstreamsvc.exe]
  TCP    127.0.0.1:9930         127.0.0.1:49215        ESTABLISHED

 [vpnclient_x64.exe]
  TCP    127.0.0.1:9930         127.0.0.1:49217        ESTABLISHED

 [vpnclient_x64.exe]
  TCP    127.0.0.1:12025        0.0.0.0:0              LISTENING

 [AvastSvc.exe]
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING

 [AvastSvc.exe]
  TCP    127.0.0.1:12110        0.0.0.0:0              LISTENING

 [AvastSvc.exe]
  TCP    127.0.0.1:12119        0.0.0.0:0              LISTENING

 [nvstreamsvc.exe]
  TCP    127.0.0.1:49180        127.0.0.1:5905         ESTABLISHED

 [nvstreamsvc.exe]
  TCP    127.0.0.1:49181        127.0.0.1:5905         ESTABLISHED

 [nvstreamsvc.exe]
  TCP    127.0.0.1:49182        127.0.0.1:5905         ESTABLISHED

 [nvstreamsvc.exe]
  TCP    127.0.0.1:49183        127.0.0.1:5905         ESTABLISHED

 [nvstreamsvc.exe]
  TCP    127.0.0.1:49215        127.0.0.1:9930         ESTABLISHED

 [vpncmgr_x64.exe]
  TCP    127.0.0.1:49217        127.0.0.1:9930         ESTABLISHED

 [vpncmgr_x64.exe]
  TCP    127.0.0.1:52441        127.0.0.1:47986        SYN_SENT

 [nvstreamsvc.exe]
  TCP    169.254.35.142:139     0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    192.168.1.134:139      0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    192.168.1.134:49306    173.194.43.6:80        CLOSE_WAIT

 [AvastUI.exe]
  TCP    192.168.1.134:49351    77.234.42.54:80        ESTABLISHED

 [AvastSvc.exe]
  TCP    192.168.1.134:52127    192.168.1.132:443      ESTABLISHED

 [vpnclient_x64.exe]
  TCP    192.168.1.134:52151    192.168.1.132:443      ESTABLISHED

 [vpnclient_x64.exe]
  TCP    192.168.1.134:52166    204.245.190.48:8*(Censored)      TIME_WAIT

  TCP    192.168.1.134:52288    72.233.69.4:443        TIME_WAIT

  TCP    192.168.1.134:52290    74.125.26.95:8*        TIME_WAIT

  TCP    192.168.1.134:52292    173.194.43.52:8*       TIME_WAIT

  TCP    192.168.1.134:52302    173.194.43.52:8*       TIME_WAIT

  TCP    192.168.1.134:52305    146.82.2.59:8*         TIME_WAIT

  TCP    192.168.1.134:52307    74.125.26.95:8*        TIME_WAIT

  TCP    192.168.1.134:52313    74.125.226.193:8*      TIME_WAIT

  TCP    192.168.1.134:52317    173.194.43.52:8*       TIME_WAIT

  TCP    192.168.1.134:52319    173.194.43.52:8*       TIME_WAIT

  TCP    192.168.1.134:52320    173.194.43.52:8*       TIME_WAIT

  TCP    192.168.1.134:52321    173.194.43.52:8*       TIME_WAIT

  TCP    192.168.1.134:52391    192.168.1.109:2869     TIME_WAIT

  TCP    192.168.1.134:52392    192.168.1.109:2869     ESTABLISHED

 [wmpnetwk.exe]
  TCP    [::]:135               [::]:0                 LISTENING
  RpcSs
 [svchost.exe]
  TCP    [::]:445               [::]:0                 LISTENING
 Can not obtain ownership information
  TCP    [::]:5357              [::]:0                 LISTENING
 Can not obtain ownership information
  TCP    [::]:9983              [::]:0                 LISTENING
 [vpnclient_x64.exe]
  TCP    [::]:49152             [::]:0                 LISTENING
 [wininit.exe]
  TCP    [::]:49153             [::]:0                 LISTENING
  eventlog
 [svchost.exe]
  TCP    [::]:49154             [::]:0                 LISTENING
  Schedule
 [svchost.exe]
  TCP    [::]:49155             [::]:0                 LISTENING
 [services.exe]
  TCP    [::]:49156             [::]:0                 LISTENING
  PolicyAgent
 [svchost.exe]
  TCP    [::]:49158             [::]:0                 LISTENING
 [lsass.exe]
  TCP    [::1]:12025            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12110            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12119            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12143            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12465            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12563            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12993            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12995            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:27275            [::]:0                 LISTENING
 [AvastSvc.exe]
  UDP    0.0.0.0:68             *:*                    
  Dhcp
 [svchost.exe]
  UDP    0.0.0.0:427            *:*                    
  HPSLPSVC
 [svchost.exe]
  UDP    0.0.0.0:500            *:*                    
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:889            *:*                    
 [spd.exe]
  UDP    0.0.0.0:3702           *:*                    
  EventSystem
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*                    
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*                    
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*                    
  EventSystem
 [svchost.exe]
  UDP    0.0.0.0:4500           *:*                    
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:5355           *:*                    
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:49152          *:*                    
 [vpnclient_x64.exe]
  UDP    0.0.0.0:51818          *:*                    
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:52953          *:*                    
 [spd.exe]
  UDP    0.0.0.0:59670          *:*                    
 [vpnclient_x64.exe]
  UDP    0.0.0.0:59671          *:*                    
 [vpncmgr_x64.exe]
  UDP    0.0.0.0:63365          *:*                    
  EventSystem
 [svchost.exe]
  UDP    127.0.0.1:1900         *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    127.0.0.1:44301        *:*                    
 [PnkBstrA.exe]
  UDP    127.0.0.1:48000        *:*                    
 [daemonu.exe]
  UDP    127.0.0.1:48001        *:*                    
 [nvtray.exe]
  UDP    127.0.0.1:48002        *:*                    
 [nvstreamsvc.exe]
  UDP    127.0.0.1:48003        *:*                    
 [NvTmru.exe]
  UDP    127.0.0.1:49200        *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    169.254.35.142:137     *:*                    
 Can not obtain ownership information
  UDP    169.254.35.142:138     *:*                    
 Can not obtain ownership information
  UDP    169.254.35.142:427     *:*                    
  HPSLPSVC
 [svchost.exe]
  UDP    169.254.35.142:1900    *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    169.254.35.142:49198   *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.134:137      *:*                    
 Can not obtain ownership information
  UDP    192.168.1.134:138      *:*                    
 Can not obtain ownership information
  UDP    192.168.1.134:427      *:*                    
  HPSLPSVC
 [svchost.exe]
  UDP    192.168.1.134:1900     *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.134:49199    *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.134:49842    *:*                    
 [vpnclient_x64.exe]
  UDP    [::]:500               *:*                    
  IKEEXT
 [svchost.exe]
  UDP    [::]:3702              *:*                    
  FDResPub
 [svchost.exe]
  UDP    [::]:3702              *:*                    
  EventSystem
 [svchost.exe]
  UDP    [::]:3702              *:*                    
  FDResPub
 [svchost.exe]
  UDP    [::]:3702              *:*                    
  EventSystem
 [svchost.exe]
  UDP    [::]:4500              *:*                    
  IKEEXT
 [svchost.exe]
  UDP    [::]:5355              *:*                    
  Dnscache
 [svchost.exe]
  UDP    [::]:51819             *:*                    
  FDResPub
 [svchost.exe]
  UDP    [::]:63366             *:*                    
  EventSystem
 [svchost.exe]
  UDP    [::1]:1900             *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [::1]:49197            *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::60:631c:e3e4:238e%1044]:1900  *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::60:631c:e3e4:238e%1044]:49195  *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::a8a1:be59:9656:32b8%11]:546  *:*                    
  Dhcp
 [svchost.exe]
  UDP    [fe80::a8a1:be59:9656:32b8%11]:1900  *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::a8a1:be59:9656:32b8%11]:49196  *:*                    
  SSDPSRV
 [svchost.exe]
(11 Aug '13, 14:05) MastaChief11

This is the output of the client. Can you please add the output of the server as well? I'm still trying to find port 40000 to figure out if that belongs to the VPN.

BTW: What is the IP subnet in the office? If it is also 192.168.1.0/24, then you won't be able to test anything at your home, because the client and the systems that are supposed to be located 'behind' the VPN tunnel are in the same subnet!

(11 Aug '13, 14:15) Kurt Knochner ♦

This is the server netstat output. .132 is the server, and .134 is the client. I found port 40000, and I highlighted and italicized it to make it easier to find (it's 2/3 of the way down). I won't be able to get the subnet at this moment, but I will find out when I can get there.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
 [vpnserver_x64.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:992            0.0.0.0:0              LISTENING
 [vpnserver_x64.exe]
  TCP    0.0.0.0:1194           0.0.0.0:0              LISTENING
 [vpnserver_x64.exe]
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  CryptSvc
 [svchost.exe]
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING
 [vpnserver_x64.exe]
  TCP    0.0.0.0:12025          0.0.0.0:0              LISTENING
 [wininit.exe]
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  eventlog
 [svchost.exe]
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  Schedule
 [svchost.exe]
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
 [services.exe]
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING
  PolicyAgent
 [svchost.exe]
  TCP    0.0.0.0:49160          0.0.0.0:0              LISTENING
 [lsass.exe]
  TCP    0.0.0.0:65494          0.0.0.0:0              LISTENING
 [vpnserver_x64.exe]
  TCP    127.0.0.1:12025        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:12080        127.0.0.1:51530        TIME_WAIT
  TCP    127.0.0.1:12080        127.0.0.1:51550        TIME_WAIT
  TCP    127.0.0.1:12080        127.0.0.1:51554        TIME_WAIT
  TCP    127.0.0.1:12110        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:12119        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:12143        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:12465        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:12563        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:12993        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:12995        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:27275        0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:49158        0.0.0.0:0              LISTENING
 [THXAudNB.exe]
  TCP    127.0.0.1:51565        127.0.0.1:12080        TIME_WAIT
  TCP    192.168.1.132:139      0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    192.168.1.132:443      192.168.1.134:52127    ESTABLISHED
 [vpnserver_x64.exe]
  TCP    192.168.1.132:443      192.168.1.134:52151    ESTABLISHED
 [vpnserver_x64.exe]
  TCP    192.168.1.132:2869     192.168.1.1:55462      TIME_WAIT
  TCP    192.168.1.132:2869     192.168.1.1:55463      TIME_WAIT
  TCP    192.168.1.132:2869     192.168.1.1:55464      TIME_WAIT
  TCP    192.168.1.132:49219    168.62.204.227:443     ESTABLISHED
 [vpnserver_x64.exe]
  TCP    192.168.1.132:49308    173.194.43.8:80        CLOSE_WAIT
 [AvastUI.exe]
  TCP    192.168.1.132:49349    77.234.43.53:80        ESTABLISHED
 [AvastSvc.exe]
  TCP    192.168.1.132:51494    192.168.1.1:47010      TIME_WAIT
  TCP    192.168.1.132:51495    192.168.1.1:47010      TIME_WAIT
  TCP    192.168.1.132:51534    69.90.210.72:443       TIME_WAIT
  TCP    192.168.1.132:51536    69.90.210.72:443       TIME_WAIT
  TCP    192.168.1.132:51537    192.168.1.1:47010      TIME_WAIT
  TCP    192.168.1.132:51538    192.168.1.1:47010      TIME_WAIT
  TCP    192.168.1.132:51541    69.90.210.72:443       TIME_WAIT
  TCP    192.168.1.132:51543    69.90.210.72:443       TIME_WAIT
  TCP    192.168.1.132:51544    69.90.210.72:443       TIME_WAIT
  TCP    192.168.1.132:51546    69.90.210.72:443       TIME_WAIT
  TCP    192.168.1.132:51548    69.90.210.15:443       TIME_WAIT
  TCP    192.168.1.132:51553    64.71.175.126:443      TIME_WAIT
  TCP    192.168.1.132:51561    64.71.175.126:443      TIME_WAIT
  TCP    192.168.1.132:51562    64.71.175.126:443      TIME_WAIT
  TCP    192.168.1.132:51567    64.71.175.133:443      TIME_WAIT
  TCP    192.168.1.132:51568    64.71.175.133:443      TIME_WAIT
  TCP    192.168.1.132:51569    64.71.175.133:443      TIME_WAIT
  TCP    192.168.1.132:51570    130.158.6.77:80        TIME_WAIT
  TCP    192.168.1.132:51571    192.168.1.1:47010      TIME_WAIT
  TCP    192.168.1.132:51572    192.168.1.1:47010      TIME_WAIT
  TCP    [::]:135               [::]:0                 LISTENING
  RpcSs
 [svchost.exe]
  TCP    [::]:443               [::]:0                 LISTENING
 [vpnserver_x64.exe]
  TCP    [::]:445               [::]:0                 LISTENING
 Can not obtain ownership information
  TCP    [::]:992               [::]:0                 LISTENING
 [vpnserver_x64.exe]
  TCP    [::]:1194              [::]:0                 LISTENING
 [vpnserver_x64.exe]
  TCP    [::]:2869              [::]:0                 LISTENING
 Can not obtain ownership information
  TCP    [::]:3389              [::]:0                 LISTENING
  CryptSvc
 [svchost.exe]
  TCP    [::]:5555              [::]:0                 LISTENING
 [vpnserver_x64.exe]
  TCP    [::]:49152             [::]:0                 LISTENING
 [wininit.exe]
  TCP    [::]:49153             [::]:0                 LISTENING
  eventlog
 [svchost.exe]
  TCP    [::]:49154             [::]:0                 LISTENING
  Schedule
 [svchost.exe]
  TCP    [::]:49155             [::]:0                 LISTENING
 [services.exe]
  TCP    [::]:49156             [::]:0                 LISTENING
  PolicyAgent
 [svchost.exe]
  TCP    [::]:49160             [::]:0                 LISTENING
 [lsass.exe]
  TCP    [::]:65494             [::]:0                 LISTENING
 [vpnserver_x64.exe]
  TCP    [::1]:12025            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12110            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12119            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12143            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12465            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12563            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12993            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:12995            [::]:0                 LISTENING
 [AvastSvc.exe]
  TCP    [::1]:27275            [::]:0                 LISTENING
 [AvastSvc.exe]
  UDP    0.0.0.0:500            *:*                    
 [vpnserver_x64.exe]
  UDP    0.0.0.0:889            *:*                    
 [spd.exe]
  UDP    0.0.0.0:1194           *:*                    
 [vpnserver_x64.exe]
  UDP    0.0.0.0:3544           *:*                    
  iphlpsvc
 [svchost.exe]
  UDP    0.0.0.0:4500           *:*                    
 [vpnserver_x64.exe]
  UDP    0.0.0.0:5355           *:*                    
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:7221           *:*                    
 [vpnserver_x64.exe]
  UDP    0.0.0.0:49152          *:*                    
 [vpnserver_x64.exe]
  UDP    0.0.0.0:49153          *:*                    
 [vpnserver_x64.exe]
  UDP    0.0.0.0:49857          *:*                    
 [vpnserver_x64.exe]
  UDP    0.0.0.0:53080          *:*                    
 [spd.exe]
  UDP    0.0.0.0:64343          *:*                    
 [vpnsmgr_x64.exe]
  UDP    127.0.0.1:500          *:*                    
 [vpnserver_x64.exe]
  UDP    127.0.0.1:1194         *:*                    
 [vpnserver_x64.exe]
  UDP    127.0.0.1:1900         *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    127.0.0.1:4500         *:*                    
 [vpnserver_x64.exe]
  UDP    127.0.0.1:60885        *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.132:137      *:*                    
 Can not obtain ownership information
  UDP    192.168.1.132:138      *:*                    
 Can not obtain ownership information
  UDP    192.168.1.132:500      *:*                    
 [vpnserver_x64.exe]
  UDP    192.168.1.132:1194     *:*                    
 [vpnserver_x64.exe]
  UDP    192.168.1.132:1900     *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.132:4500     *:*                    
 [vpnserver_x64.exe]
  UDP    192.168.1.132:40000    *:*
 [vpnserver_x64.exe]
  UDP    192.168.1.132:60112    *:*                    
  iphlpsvc
 [svchost.exe]
  UDP    192.168.1.132:60884    *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [::]:500               *:*                    
 [vpnserver_x64.exe]
  UDP    [::]:1194              *:*                    
 [vpnserver_x64.exe]
  UDP    [::]:4500              *:*                    
 [vpnserver_x64.exe]
  UDP    [::]:5355              *:*                    
  Dnscache
 [svchost.exe]
  UDP    [::1]:500              *:*                    
 [vpnserver_x64.exe]
  UDP    [::1]:1194             *:*                    
 [vpnserver_x64.exe]
  UDP    [::1]:1900             *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [::1]:4500             *:*                    
 [vpnserver_x64.exe]
  UDP    [::1]:60883            *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [2001:0:5ef5:79fd:15:152f:cd62:5475]:500  *:*                    
 [vpnserver_x64.exe]
  UDP    [2001:0:5ef5:79fd:15:152f:cd62:5475]:1194  *:*                    
 [vpnserver_x64.exe]
  UDP    [2001:0:5ef5:79fd:15:152f:cd62:5475]:4500  *:*                    
 [vpnserver_x64.exe]
  UDP    [fe80::15:152f:cd62:5475%13]:500  *:*                    
 [vpnserver_x64.exe]
  UDP    [fe80::15:152f:cd62:5475%13]:1194  *:*                    
 [vpnserver_x64.exe]
  UDP    [fe80::15:152f:cd62:5475%13]:4500  *:*                    
 [vpnserver_x64.exe]
  UDP    [fe80::a08b:eff1:2a94:661b%12]:500  *:*                    
 [vpnserver_x64.exe]
  UDP    [fe80::a08b:eff1:2a94:661b%12]:546  *:*                    
  Dhcp
 [svchost.exe]
  UDP    [fe80::a08b:eff1:2a94:661b%12]:1194  *:*                    
 [vpnserver_x64.exe]
  UDP    [fe80::a08b:eff1:2a94:661b%12]:1900  *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::a08b:eff1:2a94:661b%12]:4500  *:*                    
 [vpnserver_x64.exe]
  UDP    [fe80::a08b:eff1:2a94:661b%12]:60882  *:*                    
  SSDPSRV
 [svchost.exe]
(11 Aug '13, 14:28) MastaChief11
1

As you can see, port udp/40000 also belongs to the VPN solution.

 UDP    192.168.1.132:40000    *:*
 [vpnserver_x64.exe]

Whether that is VPN traffic (encrypted payload) or some form of status/management protocol, I can't tell you.

To sum it up: it looks like your VPN solution works (kind of). If you move the solution to the office, you may have to open more than just port tcp/443 on your office firewall to make the VPN work (port udp/40000 seems to be involved as well). However, that is 'a bit' off topic for this site and you had better ask that question in the forum of the vendor.

(11 Aug '13, 14:42) Kurt Knochner ♦

As long as it is at my home, the ports won't need to be opened in order for the VPN to work properly (although I do have two of the ports that the VPN listens on open), and connection to be encrypted, correct?

(11 Aug '13, 18:35) MastaChief11
1

As long as it is at my home, the ports won't need to be opened in order for the VPN to work properly

Yes, as there is no firewall between the client and the server, except the Windows 7 firewall, which is (most certainly) automatically configured (during installation of the VPN software) to make the VPN work.

(12 Aug '13, 05:46) Kurt Knochner ♦

Would I be correct to say that the VPN works, but there is no way to be sure that the packets are encrypted, but it is very likely that they are encrypted?

(12 Aug '13, 08:07) MastaChief11

sounds reasonable.

(12 Aug '13, 14:19) Kurt Knochner ♦
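
The port-ownership lookup done by eye in the comments above can be scripted. This is an added example, not part of the original thread: it parses saved `netstat -nab` output and reports which executable owns a port and which ports a given executable has bound. The function names are hypothetical, and `SAMPLE` is a shortened excerpt of the server listing posted above.

```python
import re

# Shortened excerpt of the server's `netstat -nab` listing from this thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
 [vpnserver_x64.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    192.168.1.132:443      192.168.1.134:52127    ESTABLISHED
 [vpnserver_x64.exe]
  TCP    192.168.1.132:2869     192.168.1.1:55462      TIME_WAIT
  TCP    192.168.1.132:49349    77.234.43.53:80        ESTABLISHED
 [AvastSvc.exe]
  UDP    0.0.0.0:500            *:*
 [vpnserver_x64.exe]
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
  UDP    192.168.1.132:40000    *:*
 [vpnserver_x64.exe]
  UDP    [fe80::a08b:eff1:2a94:661b%12]:4500  *:*
 [vpnserver_x64.exe]
"""

# A connection row: protocol, local endpoint, foreign endpoint, optional state (UDP has none).
CONN = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")
# The owning executable is printed in square brackets on a following line.
OWNER = re.compile(r"^\[(.+)\]$")


def parse_netstat_nab(text):
    """Return one dict per connection row, with the service/owner lines attached."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CONN.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            # rpartition keeps IPv6 literals such as [fe80::1%12]:4500 intact.
            addr, _, port = local.rpartition(":")
            current = {"proto": proto, "local_addr": addr, "local_port": int(port),
                       "foreign": foreign, "state": state or "",
                       "service": None, "owner": None}
            entries.append(current)
            continue
        if current is None:
            continue  # banner and column header before the first row
        o = OWNER.match(line)
        if o:
            current["owner"] = o.group(1)
        elif line.startswith("Can not obtain"):
            current["owner"] = None  # netstat could not resolve the owner
        else:
            current["service"] = line  # e.g. RpcSs, Dnscache
    return entries


def owners_of_port(entries, port, proto=None):
    """Executables seen on a local port; rows without an owner count as 'unknown'."""
    return {e["owner"] or "unknown" for e in entries
            if e["local_port"] == port and (proto is None or e["proto"] == proto)}


def bound_ports(entries, exe):
    """Ports an executable listens on (TCP LISTENING) or has bound (UDP)."""
    ports = set()
    for e in entries:
        if (e["owner"] or "").lower() != exe.lower():
            continue
        if e["proto"] == "UDP" or e["state"] == "LISTENING":
            ports.add((e["proto"], e["local_port"]))
    return sorted(ports)


if __name__ == "__main__":
    rows = parse_netstat_nab(SAMPLE)
    print("udp/40000 owner:", owners_of_port(rows, 40000, "UDP"))
    print("vpnserver_x64.exe ports:", bound_ports(rows, "vpnserver_x64.exe"))
```
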

Watch the stream and look for negotiation using defined encryption protocols. If you know the data is compressed with bzip2, look for the strings 0x314159265359 and 0x177245385090. Unless headers are totally stripped out, they'll appear once for every block. You can take a guess at whether data is encrypted by following the stream and checking for entropy. The more entropy per bit, the more likely you're seeing encryption. This unfortunately applies to compression as well.

I would say that you can discern known encrypted, or known unencrypted. Differentiating encryption or compression would take a while and involve more complex code without header information for magic strings (like above) to give it away.

Regards http://www.education4world.net/

answered 24 Aug '13, 12:13

Ali Hassan
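
The entropy and magic-number checks described in this answer, as an added example that is not part of the original post. It measures Shannon entropy per byte and searches for the bzip2 block marker at every bit offset, because bzip2 is a bit stream and blocks after the first need not start on a byte boundary. The function names are hypothetical; the three sample payloads are constructed, and the "encrypted" one is a SHA-256 keystream XOR used only as a stand-in for ciphertext.

```python
import bz2
import hashlib
import math
from collections import Counter

BZ2_BLOCK_MAGIC = 0x314159265359  # 48-bit marker at the start of every bzip2 block
BZ2_END_MAGIC = 0x177245385090    # 48-bit end-of-stream marker


def shannon_entropy(data):
    """Entropy in bits per byte (0.0 to 8.0). Short inputs cap at log2(len(data))."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_bit_pattern(data, pattern, width=48):
    """Return the bit offsets at which a width-bit pattern occurs, at any alignment."""
    mask = (1 << width) - 1
    window, consumed, hits = 0, 0, []
    for byte in data:
        for shift in range(7, -1, -1):
            window = ((window << 1) | ((byte >> shift) & 1)) & mask
            consumed += 1
            if consumed >= width and window == pattern:
                hits.append(consumed - width)
    return hits


def classify(payload, threshold=7.5):
    """Label a payload: known compression first, then the entropy guess."""
    if find_bit_pattern(payload, BZ2_BLOCK_MAGIC):
        return "bzip2 (compressed)"
    if shannon_entropy(payload) >= threshold:
        # Entropy alone cannot separate ciphertext from well-compressed data.
        return "high entropy: encrypted or compressed"
    return "low entropy: likely plaintext"


def _keystream_xor(data, key):
    """Stand-in for ciphertext (demonstration only, not a vetted cipher)."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _build_samples():
    """Constructed payloads: HTTP-like plaintext, its bzip2 form, and a ciphertext stand-in."""
    lines = []
    for i in range(400):
        sid = hashlib.sha256(str(i).encode()).hexdigest()[:16]
        lines.append(f"GET /item/{i}?session={sid} HTTP/1.1\r\nHost: example.test\r\n\r\n")
    plain = "".join(lines).encode()
    return plain, bz2.compress(plain), _keystream_xor(plain, b"constructed-demo-key")


PLAIN, COMPRESSED, ENCRYPTED = _build_samples()

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("bzip2", COMPRESSED), ("cipher", ENCRYPTED)):
        print(f"{name:7s} {len(blob):6d} bytes  "
              f"entropy={shannon_entropy(blob):.2f}  {classify(blob)}")
```

To try it on a real capture, save a stream's payload as raw bytes from Wireshark's Follow Stream dialog and pass the file contents to `classify`.
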

Set up an access point on your Mac, connect your phone. Ensure all your webpages on your phone are using HTTPS, and not HTTP.

Install a packet analyzer like Packet Peeper, Cocoa, or Wireshark on your Mac, and take samples while you transmit data with the phone.

Take a look at the packets and their headers, all should be unreadable.

Regards http://www.virtualians.pk/

answered 24 Aug '13, 12:14

Irfan Khan

Thanks for your help, Irfan, but I don't use Macs. Your suggestion is still appreciated though.

(30 Aug '13, 15:44) MastaChief11
Asked: 30 Jul '13, 12:15

Seen: 6,159 times

Last updated: 30 Aug '13, 15:44