Comment on UK households could face VPN 'ban' after use skyrockets following Online Safety Bill
NateNate60@lemmy.world 5 days ago
Attached below is a Wireshark trace I obtained by sniffing my own network traffic.
I want to draw your attention to this part in particular:
Underneath “User Datagram Protocol”, you can see the words “OpenVPN Protocol”. So anyone who sniffs my traffic on the wire can see exactly the same thing that I can. While they can’t read the contents of the payload, they can tell that it’s OpenVPN traffic because the headers are not encrypted. So if a router wanted to block OpenVPN traffic, all they would have to do is drop this packet. It’s a similar story for WireGuard packets. An attacker can read the unencrypted headers and learn:
- The size of the transmission
- The source and destination IP addresses by reading the IP header
- The source and destination port numbers by reading the TCP or UDP headers
- The underlying layers, up until the point it hits an encrypted protocol (such as OpenVPN, TLS, or SSH)
wrassleman76@lemmy.ca 4 days ago
You’re using the default port though, are you not? If the source port were not 1194, a port associated with OpenVPN, would Wireshark still identify this as OpenVPN traffic?
NateNate60@lemmy.world 4 days ago
Wireshark can’t, but there are other methods, such as checking for the known OpenVPN protocol opcodes in the headers:
Image
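
The opcode check mentioned in the last comment, as an added example (not part of the thread and not code from any commenter): a port-independent classifier that reads only the cleartext first byte and session ID of each UDP payload in a flow. The function names and both sample flows are constructed for illustration; it assumes OpenVPN over UDP with no obfuscation layer in front of it, and covers opcodes 1 to 10.

```python
# Port-independent OpenVPN check over the UDP payloads of one flow.
# First payload byte is (opcode << 3) | key_id; control packets then carry
# an 8-byte session ID. All sample flows below are constructed.
OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1", 2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1", 4: "P_CONTROL_V1", 5: "P_ACK_V1",
    6: "P_DATA_V1", 7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2", 9: "P_DATA_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}
CLIENT_RESET, SERVER_RESET, DATA = {1, 7, 10}, {2, 8}, {6, 9}


def parse_header(payload):
    """Return (opcode, key_id, session_id), or None if not a valid header."""
    if not payload or (payload[0] >> 3) not in OPCODES:
        return None
    opcode, key_id = payload[0] >> 3, payload[0] & 0x07
    if opcode in DATA:
        return opcode, key_id, None  # data packets carry no session ID
    return (opcode, key_id, payload[1:9]) if len(payload) >= 9 else None


def looks_like_openvpn(flow):
    """flow: list of (direction, udp_payload); direction is 'c2s' or 's2c'."""
    hdrs = [(d, parse_header(p)) for d, p in flow]
    if len(hdrs) < 2 or any(h is None for _, h in hdrs):
        return False
    d0, h0 = hdrs[0]
    if d0 != "c2s" or h0[0] not in CLIENT_RESET or h0[1] != 0:
        return False  # a session opens with a client hard reset, key_id 0
    if not any(d == "s2c" and h[0] in SERVER_RESET for d, h in hdrs[1:]):
        return False  # ...answered by a server hard reset
    for side in ("c2s", "s2c"):  # each side keeps one session ID
        if len({h[2] for d, h in hdrs if d == side and h[2]}) > 1:
            return False
    return True


SID_C, SID_S = bytes(range(1, 9)), bytes(range(11, 19))  # constructed IDs
OPENVPN_FLOW = [  # constructed handshake start, as seen on any UDP port
    ("c2s", bytes([7 << 3]) + SID_C + b"\x00" + bytes(4)),
    ("s2c", bytes([8 << 3]) + SID_S + b"\x01" + bytes(4) + SID_C + bytes(4)),
    ("c2s", bytes([5 << 3]) + SID_C + b"\x01" + bytes(4) + SID_S),
    ("c2s", bytes([4 << 3]) + SID_C + b"\x00" + b"\x00\x00\x00\x01" + b"\x16\x03\x01"),
]
DNS_FLOW = [  # constructed DNS exchange whose transaction ID starts with 0x38
    ("c2s", bytes.fromhex("38a701000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"),
    ("s2c", bytes.fromhex("38a781800001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"),
]
```

The DNS flow shows why a single-byte match is not enough: its first byte decodes to a valid client-reset opcode, and only the missing server reset in the reply rules it out.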