Do I Need to Turn Off My VPN to See My Activity Stream Correctly?

asked 2019-08-24 05:58:10 +0000

Whenever I capture my activity stream with Wireshark and my VPN is running I see a bunch of OpenVPN's, Do I need to turn of the VPN to see the true activity?

answered 2019-08-24 09:26:00 +0000

You're probably capturing on your "external" interface and so will only see the encrypted VPN traffic.

The VPN will usually create a separate interface you can capture on, and that that interface will have the plain traffic.

What OS are you running?

It becomes tricky when you have split tunneling. I usually identify the destination ip and then match it against the routing table "route print" to check which interface I need to capture on.

I am running the latest version of Windows 10. (I'm also using the Wireshark 101 book).

OK, so which interface are you capturing on? Probably easiest to list the interfaces from the command line with:

path\to\tshark.exe -D

replacing path\to with the actually path, likely to be C:\Program Files\Wireshark.

Thank you for answering me. I believe I am over my head and need to take some tutorials prior to the Wireshark one. Again, thank you.

