Blog | G5 Cyber Security

Hide Network Traffic from Wireshark

TL;DR

Completely hiding network traffic from Wireshark is very difficult, but you can make it harder to analyse. Encryption (HTTPS) is the most effective method. Other techniques like using a VPN or tunnelling protocols add layers of complexity for an attacker.

How to Make Traffic Less Visible in Wireshark

  1. Use HTTPS Everywhere: This is the single most important step.
    • HTTPS encrypts the data between your computer and the website. Wireshark will see encrypted traffic, but won’t be able to read its contents without the server’s private key.
    • Look for the padlock icon in your browser address bar – this indicates a secure connection.
  2. Use a Virtual Private Network (VPN): A VPN creates an encrypted tunnel between your computer and a VPN server.
    • All your internet traffic is routed through this tunnel, hiding your IP address and encrypting your data from your Internet Service Provider (ISP) and anyone else monitoring the network.
    • Wireshark will see encrypted traffic to/from the VPN server’s IP address, not the websites you are visiting directly.
    • Example: Connecting to a VPN using OpenVPN on Linux:
      sudo openvpn --config /path/to/your/vpn.conf
  3. Employ SSH Tunnelling (Port Forwarding): SSH tunnelling creates an encrypted connection over the Secure Shell protocol.
    • Useful for specific applications or services where you want to encrypt traffic.
    • Example: Creating a local port forward:
      ssh -L 8080:localhost:80 user@remote_server

      This forwards connections made to port 8080 on your computer, through the encrypted SSH session, to port 80 on the remote server.

  4. Use DNS over HTTPS (DoH) or DNS over TLS (DoT): These protocols encrypt your DNS queries.
    • Standard DNS queries are sent in plain text, revealing the websites you visit. DoH and DoT protect this information.
    • Most modern browsers support DoH; check your browser settings.
  5. Consider Tor: The Onion Router (Tor) routes your traffic through a network of relays, making it very difficult to trace.
    • This significantly slows down your connection speed.
    • Download the Tor Browser Bundle from the official website.
  6. Change Ports (Limited Effectiveness): Changing the port used by an application might obscure traffic slightly.
    • Wireshark can still identify the protocol even if the port is non-standard.
    • This isn’t a strong security measure, but it can add a small layer of obfuscation.

What Wireshark Can Still See

Important Note

No method is foolproof. A determined attacker with sufficient access can often find ways to analyse your network traffic, even with these precautions. The goal is to make it more difficult and time-consuming for them.
