VPN connected but most traffic not HTTPs?

Hi,


I’m using a VPN and have noticed that the main traffic type is ‘other’. Why would this be? Also, should I be concerned with the other connection types in the image?

DB

When using a VPN, the traffic type labeled as “other” typically refers to miscellaneous or unidentified network traffic. It can include various types of connections and protocols that the monitoring software may not categorize specifically. The “other” category is a catch-all for traffic that doesn’t fit into predefined categories like web browsing, streaming, or file sharing.

Sorry for the poor formatting, I had to quote my reply because the forum kept insisting I was posting links.

Let's break it down:

The second line, HTTPs is just that, a secure connection to a website. JUST because it is HTTPs does NOT mean it is truly secure and valid. An HTTPs connection CAN be made to a site that does not have a valid SSL certificate. Many self-hosted services like home automation, the admin page to your home router, a self-installed web server or file server using a local "Certificate". YES, it is SSL and yes it COULD very well be secure and encrypted, BUT, can you trace that certificate BACK to a legitimate entity? Like your bank, utility company, government website (IRS, VA, State, Local govs). THOSE entities WOULD use a valid certificate from a TRUSTED top level issuer (like VeriSign).

The next line is just regular old HTTP, most commonly on port 80, BUT, can be hosted on really any port. This is true for HTTPs as well. Many home users will use a port like 8080, 8443 or some variation to get around their ISP blocking the usage of servers on residential connections.

Next line, DNS. This is the "phone book" system of the net. It translates the common language address to an IP address. Like a phone number to a person's name.

NetBIOS, this is most likely your PC broadcasting its name on your LAN or Wifi looking for other computers and services. Things like printers, shared folders and other services dependent on being found by your computer's name. Your home router or even ISP modem/router will play a part in this as well when it assigns an IP address to your PC. It is essentially a LOCAL DNS type of lookup. MOST NetBIOS activity is blocked from crossing your modem onto the internet by most reputable and name brand AND properly configured routers and modems.

UPnP is a way for a computer to dynamically get an open port from your modem/router in order to connect a service. Back in the day before home networks were really common and CERTAINLY before EVERYONE had a smart phone and in the days of dial-up your computer hung itself out on the internet with a public IP address. As computers, phones and more and more internet capable devices came into our homes there needed to be a way to connect all these devices even with the "limited" number of available public IP addresses. That's where private IP blocks like 192 168 1 xx and 10 0 0 xx came into play. Your main internet connection had its public IP that could be found by other computers and users on the internet. BUT, those internal devices with the private IP could NOT be found and usually had trouble connecting to services like games, chat sessions, camera sessions, just about everything that required a direct connection. A tech savvy user could still make the connection by setting up rules in their router (at the time either a dedicated PC that shared an internet connection or spare hardware from work) that passed these connection requests on from the public IP to the Private IP. YAY! Games, cameras, private chats worked again. But of course the key was "tech savvy". Along came Universal Plug and Play. This was a protocol that allowed a computer on the home network to ask for a temporary or even semi permanent port to pass a certain service from the public network through to the private network. In the early days UPnP was VERY poorly implemented, insecure and was targeted by malicious users to open a way into your private network. Things have got better, UPnP is more securely handled, can be turned off in your OS or your router and even some providers like AT&T Fiber completely disable UPnP functionality in their provided gateway.
In short, this is just Windows standing on the hill screaming out to your network that it has UPnP enabled and can request/accept dynamic port connections. USUALLY not a big issue, but does need to be watched like a "quiet" two year old. ;-)

mDNS, the best way I can describe it is, it is a grenade approach to DNS. I honestly can't give a better explanation than that one, sorry.

DHCPv6 is just your computer asking your modem/router for an IPV6 IP address. Computers traditionally used IPV4 (8 8 8 8 - Google's DNS service, 192 168 1 1 - Usually the address held by your router, etc.) IPV6 is an implementation that uses a larger available address pool than can be handed out by IPV4. This all comes down to bits/bytes and the mathematics behind what is a bit or a byte. If ya got time to waste go do a hunt on the net for bits/bytes IP allocation and the like. QUITE a bit of reading to be found on the subject, enough to make your head spin. I never really enjoyed IP subnetting being that I never liked math and numbers either, hehe.

And as mentioned, the other is just about everything else. From your PC contacting the windows time host to sync its clock with usually time.windows.com which is tied to an atomic clock somewhere. Application xyz "phoning home" to get an update or to report some statistics. Again, this is another one of those computer math things. The magic number in computers is 65535. Where that number came from, I don't remember. It was decided back in the EARLY days of computers. Usually ports 1 to 1024 are "privileged". These are common ports like 21 for FTP, 25 for SMTP, 80 for HTTP, 443 for HTTPS and a slew of others. Everything above that is considered "fair game" and can be used for just about any type of connection. Keep in mind that just because a port is "privileged" doesn't mean it is to be EXPLICITLY trusted. Just like a scammer's phone number it too can be faked. Ever get a phone call from your own number and it was a Prince telling you that you inherited a trillion dollars from his dearly departed relative and he just needs $50 to get it to you? ;-)

And as was mentioned, just because you are using a VPN doesn't mean you are completely protected. NOT every connection you make will use the VPN and if your connection is not properly configured you can leak information despite using the VPN. This is common when you use your ISP's DNS servers instead of the DNS servers provided by the VPN provider. Look up DNS leaks for more info.

Hope this helps!
1 Like
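Added example, not part of the thread or of any monitoring product: a port-based labeller for the traffic types discussed above, plus a check for the DNS leak the last reply describes. It assumes the monitor labels flows by destination port, that the VPN uses WireGuard's default UDP port 51820 on a tunnel interface called `tun0`, and that the VPN's resolver is `10.8.0.1`; the flow records are constructed sample data.

```python
from collections import Counter

# Well-known destination ports mapped to the labels used in the thread.
PORT_LABELS = {
    443: "HTTPS", 80: "HTTP", 53: "DNS",
    137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS",
    1900: "UPnP", 5353: "mDNS", 546: "DHCPv6", 547: "DHCPv6",
}

def classify(flow):
    """Label a flow by destination port; unknown ports fall into 'other'."""
    return PORT_LABELS.get(flow["dport"], "other")

def bytes_by_type(flows):
    """Total bytes per label, the figure a traffic-type chart would plot."""
    totals = Counter()
    for f in flows:
        totals[classify(f)] += f["bytes"]
    return totals

def dns_leaks(flows, tunnel_iface, vpn_resolvers):
    """DNS flows that left outside the tunnel or went to a non-VPN resolver."""
    return [f for f in flows
            if classify(f) == "DNS"
            and (f["iface"] != tunnel_iface or f["dst"] not in vpn_resolvers)]

# Constructed sample flows (documentation and private address ranges only).
FLOWS = [
    {"iface": "eth0", "dst": "203.0.113.10", "dport": 51820, "bytes": 9_400_000},  # encrypted tunnel
    {"iface": "tun0", "dst": "198.51.100.7", "dport": 443, "bytes": 1_200_000},
    {"iface": "tun0", "dst": "10.8.0.1", "dport": 53, "bytes": 4_000},       # VPN resolver
    {"iface": "eth0", "dst": "192.0.2.53", "dport": 53, "bytes": 2_500},      # ISP resolver: leak
    {"iface": "eth0", "dst": "239.255.255.250", "dport": 1900, "bytes": 900},  # SSDP (UPnP discovery)
    {"iface": "eth0", "dst": "224.0.0.251", "dport": 5353, "bytes": 700},
    {"iface": "eth0", "dst": "192.168.1.255", "dport": 137, "bytes": 300},
]

if __name__ == "__main__":
    for label, total in bytes_by_type(FLOWS).most_common():
        print(f"{label:8} {total:>10}")
    for leak in dns_leaks(FLOWS, "tun0", {"10.8.0.1"}):
        print("DNS leak:", leak["iface"], "->", leak["dst"])
```

Under these assumptions the tunnel itself is what fills the "other" bucket, and a web server on a port such as 8443 would land there too, since only the port number is inspected.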