Testing connection with Wireshark

[Milou13 0]

Ok boys and girls

 

Been testing my connection with wireshark. Have a few questions. Hope to get my answers here. Here we go:

Option one: User->VPN

 

Everything looks perfect. There's just one conversation, which encrypted as well. Question #1. How's wireshark still able to see my browsed urls? See pics below

 

 

Option two.

User->SSL(VPN)

 

 

Question #2. Why some of connections is in plain TCP not TLSV1.2?

Question #3. Why wireshark sees my urls? See pic below

 

 

Thanks a lot!

[zhang888 1066]

Wireshark, just like any privileged software on your system can see your traffic before it is encrypted inside the tunnel.

In order to monitor DNS requests only, even a low privileged process is sufficient in many cases.

TLS occurs after your traffic leaves the local adapter, so if you monitor the local adapter, you will see clear traffic.

You have to monitor your tun interface in order to see the encrypted data (you will not see the actual data, just the pattern).

 

When you capture all traffic in Wireshark, it will also parse DNS requests and responses, and this is the menu to see them.

[Milou13 0]

Thanks, zhang888!