TL;DR
Completely hiding network traffic from Wireshark is very difficult, but you can make it harder to analyse. Encryption (HTTPS) is the most effective method. Other techniques like using a VPN or tunnelling protocols add layers of complexity for an attacker.
How to Make Traffic Less Visible in Wireshark
- Use HTTPS Everywhere: This is the single most important step.
  - HTTPS encrypts the data between your computer and the website. Wireshark will see encrypted traffic, but won’t be able to read its contents without the server’s private key.
  - Look for the padlock icon in your browser address bar – this indicates a secure connection.
- Use a Virtual Private Network (VPN): A VPN creates an encrypted tunnel between your computer and a VPN server.
  - All your internet traffic is routed through this tunnel, hiding your IP address and encrypting your data from your Internet Service Provider (ISP) and anyone else monitoring the network.
  - Wireshark will see encrypted traffic to/from the VPN server’s IP address, not the websites you are visiting directly.
  - Example: Connecting to a VPN using OpenVPN on Linux:
    sudo openvpn --config /path/to/your/vpn.conf
- Employ SSH Tunnelling (Port Forwarding): SSH tunnelling creates an encrypted connection over the Secure Shell protocol.
  - Useful for specific applications or services where you want to encrypt traffic.
  - Example: Creating a local port forward:
    ssh -L 8080:localhost:80 user@remote_server
    This forwards traffic from your computer’s port 8080 to the remote server’s port 80.
- Use DNS over HTTPS (DoH) or DNS over TLS (DoT): These protocols encrypt your DNS queries.
  - Standard DNS queries are sent in plain text, revealing the websites you visit. DoH and DoT protect this information.
  - Most modern browsers support DoH; check your browser settings.
- Consider Tor: The Onion Router (Tor) routes your traffic through a network of relays, making it very difficult to trace.
  - This significantly slows down your connection speed.
  - Download the Tor Browser Bundle from the official website.
- Change Ports (Limited Effectiveness): Changing the port used by an application might obscure traffic slightly.
  - Wireshark can still identify the protocol even if the port is non-standard.
  - This isn’t a strong security measure, but it can add a small layer of obfuscation.
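The "Change Ports" point can be seen in a few lines of Python. This is an added example, not code from the original page and not Wireshark's own dissector logic: a simplified classifier that identifies SSH, TLS and HTTP from the first bytes a client sends, ignoring the port entirely. The function names and the sample flows are assumptions constructed for illustration.

```python
import struct

# Request-line prefixes that mark plaintext HTTP.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_payload(payload: bytes) -> str:
    """Guess the application protocol from the first bytes of a flow."""
    # SSH peers open with an identification string "SSH-<protoversion>-...".
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version major 0x03,
    # 2-byte length, followed by handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03:
        (record_len,) = struct.unpack("!H", payload[3:5])
        if 0 < record_len <= 2**14 and payload[5] == 0x01:
            return "tls"
    # Plaintext HTTP starts with a method token and a space.
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


# Constructed sample flows: (destination port, first client payload bytes).
FLOWS = [
    (2222, b"SSH-2.0-OpenSSH_9.6\r\n"),                          # SSH moved off 22
    (8443, bytes.fromhex("1603010200010001fc0303") + bytes(32)),  # TLS ClientHello start
    (8080, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, bytes.fromhex("9f3c1a77e0b2")),                          # opaque bytes on port 80
]


def classify_flows(flows):
    """Return (port, protocol) pairs; the port plays no part in the decision."""
    return [(port, classify_payload(data)) for port, data in flows]


if __name__ == "__main__":
    for port, proto in classify_flows(FLOWS):
        print(f"port {port}: {proto}")
```

The SSH and HTTP services on ports 2222 and 8080 are identified from their payload alone, while the opaque bytes on port 80 are not mistaken for HTTP just because of the port.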
What Wireshark Can Still See
- Metadata: Even with encryption, Wireshark can see information like IP addresses, timestamps, and packet sizes.
- Traffic Patterns: An attacker can analyse traffic patterns to infer what you are doing online (e.g., the size and frequency of packets).
- Unencrypted Traffic: Any unencrypted traffic will be visible in plain text.
Important Note
No method is foolproof. A determined attacker with sufficient access can often find ways to analyse your network traffic, even with these precautions. The goal is to make it more difficult and time-consuming for them.

