Hi, I have Wireshark monitoring a TAP-Win32 Adapter connection installed with Cyberghost but the traffic doesn't show up as encrypted. Is this normal? And how do I check if traffic is encrypted through VPN. This happens with ProXPN also.
asked 12 Dec '10, 23:55
Yes, that is normal. If you capture on a virtual adapter that is used for a VPN connection you will see unencrypted packets in and out. The encryption happens when the virtual TAP adapter passes the data over to your physical network card. To see the encrypted traffic you need to capture on your "real" network card (wired or wireless) and you should see lots of encrypted packets.
In fact you can go and capture both with two Wireshark instances at the same time and then see how the unencrypted packets on the TAP adapter correlate to the physical adapter.