
How to test your VPN’s encryption


Testing your VPN’s encryption during live traffic helps you identify potential vulnerabilities such as data leaks and better understand connection drops or outages. This guide shows you how to test your VPN’s encryption so that you understand it fully before you make a purchase, using a free VPN trial.

1. Check IP leaks using the command line interface (CLI)

The surest indicator of a VPN with strict privacy controls is its ability to effectively mask your IP address and keep your true location hidden. You can easily check your IP address on a desktop using command line interface (CLI) tools and compare it with the results from a website like WhatIsMyIPAddress.

  • Mac: Type ipconfig getifaddr en0 for wired or ipconfig getifaddr en1 for WLAN in the terminal.
  • Windows: Open Command Prompt and type ipconfig /all. Look under all IPv4 address fields.

Testing the IPv4 address

If your actual location appears on the command line, it indicates that your VPN’s encryption is weak. We tested Windscribe’s free VPN servers. In general, we don’t recommend using a free VPN, and the results speak for themselves. There is a mismatch between the IPv4 address in the Ethernet Adapter column and the address provided by the VPN.

2. Use Wireshark to detect unencrypted traffic

Wireshark is an extremely powerful, cross-platform application that detects data leaks. It provides a detailed view of all data flows leaving your internal network. The installer is available for free for Windows, Mac and Linux and there is even a portable version for Windows.

After installing Wireshark on Windows, launch it and navigate to Capture -> Start. If an error occurs, make sure the free edition of Npcap has been installed.

Using Wireshark in Windows to capture network data for WiFi and a VPN using Capture -> Start.

First, you’ll see a continuous stream of IP address packets filling the screen. In this VPN example, I used one of the best free WireGuard-based servers. For the most part, there were no data leaks as the masked IP address was visible throughout. However, certain pink areas indicated a potential leak, which appeared to be an abnormal ARP packet that revealed my true, unencrypted IP address.

Unusual ARP packets that reveal the original IP addresses in Wireshark.

Although the above is a good VPN provider, its encryption is not foolproof. Even a tiny vulnerability to ARP poisoning (a man-in-the-middle attack) is concerning.
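One way to triage frames like those described above when capturing on the physical adapter, as an added example that is not part of the original article: it parses raw Ethernet frames and separates ARP (which is link-layer traffic that stays on the local network segment), VPN transport, local traffic, and IPv4 traffic that bypasses the tunnel, including DNS. The VPN server address, the LAN range and the frames are constructed assumptions.

```python
import ipaddress
import struct

# Assumed values for this example: replace with your VPN server and LAN.
VPN_ENDPOINT = ipaddress.ip_address("203.0.113.10")
LAN = ipaddress.ip_network("192.168.1.0/24")

def classify(frame: bytes) -> str:
    """Label one Ethernet frame captured on the physical (non-VPN) adapter."""
    if len(frame) < 14:
        return "malformed"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x0806:
        return "arp"                     # link-layer, stays on the local segment
    if ethertype != 0x0800:
        return "non-ipv4"                # e.g. IPv6: review separately
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if ihl < 20 or len(ip) < ihl or ip[0] >> 4 != 4:
        return "malformed"
    src, dst = ipaddress.ip_address(ip[12:16]), ipaddress.ip_address(ip[16:20])
    if VPN_ENDPOINT in (src, dst):
        return "tunnel"                  # encrypted VPN transport
    if ip[9] in (6, 17) and len(ip) >= ihl + 4:      # TCP/UDP: read ports
        if 53 in struct.unpack("!HH", ip[ihl:ihl + 4]):
            return "dns-outside-tunnel"  # even when sent to the LAN router
    if dst.is_multicast or str(dst) == "255.255.255.255" or (src in LAN and dst in LAN):
        return "local"
    return "ip-outside-tunnel"

def eth(ethertype: int, payload: bytes) -> bytes:
    # Constructed Ethernet frame with dummy MAC addresses.
    return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ethertype) + payload

def udp(src: str, dst: str, dport: int) -> bytes:
    # Constructed IPv4/UDP frame; checksums are left at zero.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return eth(0x0800, ip + struct.pack("!HHHH", 40000, dport, 8, 0))

SAMPLE = [  # constructed frames, not a real capture
    eth(0x0806, bytes(28)),                        # ARP
    udp("192.168.1.23", "203.0.113.10", 51820),    # to the VPN server
    udp("192.168.1.23", "224.0.0.251", 5353),      # mDNS on the LAN
    udp("192.168.1.23", "192.168.1.1", 53),        # DNS to the router
    udp("192.168.1.23", "198.51.100.80", 443),     # direct to the Internet
]

print([classify(f) for f in SAMPLE])
```

Frames labelled "dns-outside-tunnel" or "ip-outside-tunnel" are the ones to investigate; "non-ipv4" frames need a separate look because this example only parses IPv4.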


3. Discover BrowserLeaks’ comprehensive VPN testing tools

If you’re not interested in checking data packets yourself, leave it to BrowserLeaks. The site offers various tools including IP address checkers, WebRTC leak detection, WebGL reports, SSL/TLS client testing, canvas and font fingerprinting, and my personal favorite, the Geolocation API. Remember to turn on the VPN before proceeding with any of the tests.

The final test, “Geolocation API,” retrieves your device’s GPS location within a few meters, making it the final check of whether your VPN is doing a good job. One of the leading VPN providers failed this test in our evaluation. However, it did not cause any WebRTC leaks, which is a hallmark of some of the best VPNs.

The WebRTC leak test at BrowserLeaks did not reveal any WebRTC leaks.

What I like most about BrowserLeaks is how comprehensive the tools are, yet incredibly easy to use. All you need is a browser and an active VPN.

Its Canvas fingerprinting test makes it one of the few free online services that provide a clear overview of “browser fingerprinting”: your unique digital identity mapped by websites based on your browsing habits and other unique factors.

BrowserLeaks' signature tests were measured and verified by the Canvas fingerprinting test.

Unfortunately, the VPN provider mentioned above was unable to protect my unique signature. It says: “6 out of 227,965 user agents have the same signature.” It’s just the number of devices I’m currently using that’s a bit scary.


4. Run advanced testing with DNSLeakTest

The Domain Name System (DNS) is central to everything we do online. When you use your real IP address, your device sends a DNS request to every website, revealing your real IP address. A reliable VPN should completely mask your DNS to protect your device. However, many low-end or free VPNs often fail to protect this sensitive information.

DNSLeakTest is a website that identifies security vulnerabilities through continuous testing. On its platform, you can choose between a standard test and a more comprehensive advanced test. To properly understand your VPN provider’s server security, it is recommended to run these tests multiple times (on different servers). In addition to detecting DNS leaks, you can also detect IP leaks and WebRTC leaks.

Advanced leak tests created by DNSLeakTest.

Related: DNSLeakTest can only provide one-time information about the encryption of your VPN. If you want historical data, GlassWire, a freemium provider, offers in-depth insights useful for network administrators.

On the websites and apps of many leading VPN providers, you can find tools that provide a live overview of DNS testing, IP leaks, WebRTC leaks, and more. Since these tests are provided by the VPN provider, it is easy to argue that they are a form of brand endorsement. Of course, VPN services would appear flawless while at the same time highlighting flaws in other services.

While VPN providers may prefer their own services over others, the main purpose of these tools is to monitor the performance of your VPN subscription. They help you check for live leaks, watch for ISP monitoring, and detect any attempts to throttle your connection speeds.

Top VPNs often use obfuscated traffic to make your encrypted data look like normal ISP packets, leaving it largely unnoticed. But smaller VPN providers lack these features and can’t cover your tracks. If your VPN servers are not properly encrypted, data leaks will occur, which ISPs can use to impose their fair usage policies and bandwidth limits.

Similar to tools like Wireshark, built-in VPN encryption testing tools allow you to closely monitor abnormal data packets or content filters introduced by your ISP. For example, ExpressVPN offers a diagnostic information feature to keep an eye on ISP disruptions on your network.

If you find that your ISP is slowing down your VPN, the solution is simple: switch to a different VPN server. Most VPN providers continually upgrade and migrate their high-end smart servers to ensure you stay one step ahead of any attempts to slow down your connection.

Testing VPN encryption is the most reliable way to assess the performance of a VPN. Some of the safest VPNs meet the criteria that give them a clean bill of health. Additionally, it’s important to understand what type of data a VPN wants to hide, including your location and other personal information.

Image source: Pixabay. All screenshots by Sayak Boral.


Sayak Boral

Sayak Boral is a technology writer with over 11 years of experience across multiple industries including semiconductors, IoT, enterprise IT, telecom OSS/BSS, and network security. He has written for MakeTechEasier on a variety of technical topics, including Windows, Android, Internet, hardware guides, browsers, software tools, and product reviews.