Encrypting your network traffic is important for those who want to keep their personal or business activities private and secure.
Whether you want to secure and hide your traffic from people on a public Wi-Fi hotspot, at home or at work, then encrypting your network traffic is crucial to make sure you keep your data secure.
You can secure your network traffic using a VPN (Virtual Private Network), whether that be OpenVPN, NordVPN or several others.
I personally like and recommend IpVanish (#CommissionsEarned).
IpVanish is fast, has unlimited bandwidth and they don’t log any of your traffic, which some VPN providers do.
They also provide software and apps for Windows, Mac, Android and iOS.
So if you decide to use a VPN to encrypt your traffic, then it’s worthwhile as an extra step, just to check that your VPN is actually scrambling your traffic and doing the job that it is supposed to do.
So let’s look at some of the steps that you can take today to ensure that your traffic is secure.
I think it’s probably a good exercise to do in any case as you will hopefully learn something along the way!
Check your existing IP
When your network traffic goes through a VPN it essentially masks your IP address.
Using a site like https://whatismyipaddress.com/ you can find your publicly accessible IP address.
A VPN will obscure your IP to a random location somewhere in the world, protecting your privacy and your data.
Though a VPN may show as if it is working correctly, it may be running faulty software, or the program may not be doing what it claims to be do.
But by running tests, you can check that your traffic is secure.
But how do you actually check that your traffic is encrypted?
IP Leak test
Check your IP by typing “what’s my IP” into Google and write down the alphanumeric code.
Now turn your VPN provider on and run the same test.
If your IP hasn’t changed then your IP is not being obscured and your traffic isn’t secure.
IP leaks can come from multiple sources and may not always be your VPN provider’s fault.
Whether that be through your web browser, browser plugins like Adobe Flash, or your operating system itself.
However, quality VPN software should always negate these leaks.
However even if your IP is being obscured, the data packets themselves may not actually be encrypted.
So, we are going to show you how to use some popular tools to check there is no package leakage.
Interestingly, in a recent study, it was found that 18% of Android VPO applications do not even encrypt your data.
Simply obscuring your IP is just the start of the checks you should carry out to ensure that your network is secure.
DNS Leak
Your DNS (Domain Name System) requests are handled by your ISP (Internet Service Provider) and these servers are generally insecure.
Whenever you type a website into your browser that request is handled by a DNS Server which translate the names into the IP address of the server that hosts the website.
Most’s ISP’s use a Transparent DNS Proxy, which means they can intercept all DNS requests going through their server.
So, they know the IP address of where the request is coming from and where it is going to.
So, your ISP can see your web history, and your IP could be revealed through your DNS Server.
You can use a site like DNS Leak test: https://www.dnsleaktest.com/ to check whether your real IP address can be seen through your DNS Server.
You may find that your IP has been changed but your DNS still shows as your original IP.
Your DNS is revealing your actual IP.
Good VPN software will return the same IP address from the IP and DNS leak tests.
They should have built in DNS leak protection.
You can even choose a VPN provider with encrypted zero log DNS Servers which provide the maximum level of privacy.
Dropped/Failed VPN Connection
Most VPN software has an inbuilt kill switch.
This switch constantly monitors your network connection.
Any problems in your connectivity, or a dropped connection will turn your VPN off and reveal your IP.
So, if you have just had problems with your Wi-Fi, make sure to have your VPN application window open and check that you are still connected before continuing to browse.
A dropped connection will essentially reset your VPN, which will need to be manually reconnected in most cases.
Also, unless you are monitoring your internet connection, this could drop out momentarily whilst you are reading a web page.
Top brand VPN providers will allow you to turn the kill switch off in the settings, which means even if the internet connection drops and you must reconnect, they will not stop the VPN.
Some will also allow you to set the VPN connection to auto start when you boot up and reconnect if your internet connection is dropped.
Anything that relies on you having to check manually is liable to go wrong at some point.
Checking your packets are secure with Wireshark
Even if your IP and your DNS is secured and your VPN Provider will continue to work when your internet connection drops, the most important part of having your network traffic encrypted is that your data packets cannot be snooped.
All upload and downloads through a web browser and on your computer are done through data packets.
In the header of this packet is your IP Address and then all the information which you are trying to protect.
There are lots of software which can scan your packets but Wireshark is one of the best and many of the alternatives do not do it as well, or to the same depth.
Wireshark runs on all major platforms, which is a boon for Windows users.
Also, it allows you to run complex and deep inspections of packet data through a GUI or Shark Utility, making it easy to use for professional security experts and technology enthusiasts alike.
We can use the software to follow a stream of packets and see if it being encrypted by your VPN provider in transit.
You can download Wireshark for free here: https://www.wireshark.org/#download.
Once downloaded you can use the application to inspect your data packets where the Protocol is set to the one used by your VPN Provider.
When a packet is unencrypted, it can be read. Like this for example:
However, when you see a packet of data which consists of alphanumeric characters and looks like gibberish, then this means that your data is encrypted and cannot be read by anybody else. Like this for example:
Let’s look at some other common leaks which can occur, which are less commonly known about:
IPV6 Leaks
Today, most of the internet’s connections are routed through IPV6 connections. Which stands for Internet Protocol Version 6.
Previously this was IPV4.
A lot of traffic runs on both. But some substandard or outdated software may only obfuscate IPV4.
These address blocks started to be ramped down in 2012 and stopped being assigned to new companies in 2018.
There are two ways that you can circumvent this.
You can either disable IPV6 traffic on your computer or simply use a VPN that you know provides built in IPV6 leak protection.
Bearing in mind disabling IPV6 traffic may prevent you looking at companies who now only operate on IPV6 address blocks since mid-2018
WebRTC/ STUN
WebRTC leaks were quite a talking point a few years ago, because it revealed a vulnerability within the web browser itself.
Malicious websites can be used to try to reveal your IP by gaining access to the peripherals on your computers, like say your microphone or web camera.
Thus, tricking your browser into revealing your IP.
You can check this by using IPLeak.net which checks for all types of VPN leaks including RTC.
Also, all major browsers now have extensions or scripts which you can run which prevent RTC leaks, in the rare case that this may happen to you.
The script adjusts your config files to ensure that websites cannot maliciously access peripherals on your computer without your expressed permission.
Conclusion
If encrypting your network and your data is crucial to you and your business, there are so many easy ways for you to reveal not just your IP but also errant data and connections into your system.
From IP and DNS leaks, to software that does not even encrypt your data packets, the cost of you not encrypting your data could be enormous, and if you are not an experienced cyber security professional then running through this litany of checks every time you choose to go online is going to be too much to ask.
One thing all these leaks have in common is that they can all be remedied by using a great VPN provider like IpVanish (#CommissionsEarned)
VPN providers are cheap as chips these days, with some giving you a year cover for 3 devices from as little as $35.
A great VPN provider will have all these leaks plugged as part of their software.
Though there are a host of free VPN providers online, if keeping yourself anonymous and secure is important to you then you are probably better off paying a bit extra for some peace of mind.
