I Tested My VPN With Wireshark — It's Leaking Your Real IP

Added: 2026-06-04

[00:00:00]You turn on a VPN and feel pretty anonymous online. Then you open a site like browser leaks. Suddenly, there's a lot more information about your device than you expected. Your time zone, your language settings, your screen resolution, the fonts installed on your computer, your graphics card, your audio system, your browser version, none of that information is hidden by a VPN. A VPN only changes one thing. The IP address websites see. Everything else comes directly from your browser and device. That's why a VPN isn't the same thing as anonymity.

[00:00:32]It protects your network location, but it doesn't stop websites from learning a surprising amount about the system you're using.

[00:00:39]If all you're relying on is a VPN, you're only hiding one piece of the puzzle while the rest of the picture is still visible. This is called canvas fingerprinting. You visit a website and in the background, a small script runs without you noticing. It creates an invisible drawing area inside your browser and asks your device to draw a few pieces of text and some simple shapes.

[00:00:58]Sounds harmless. But, here's the trick.

[00:01:01]Your browser doesn't draw those shapes completely on its own. It relies on your graphics card, your operating system, your installed fonts, and other parts of your device. And those components don't all render things in exactly the same way. Tiny differences in hardware, drivers, fonts, and rendering engines can change the final image by just a few pixels.

[00:01:21]The website then takes that image and turns it into a short identifier known as a hash.

[00:01:27]On its own, that hash doesn't reveal your name or who you are, but it can be surprisingly distinctive. If the same browser keeps producing the same result, websites can use it as one more signal to recognize that it's probably the same device returning again.

[00:01:40]Your VPN can change your IP address, but it doesn't change how your computer draws that image. So, while your location may look different, your browser can still leave behind a recognizable fingerprint every time it loads the page. And then there's WebGL.

[00:01:54]Canvas fingerprinting is one thing, but WebGL can reveal even more about the hardware behind your browser. When a website uses WebGL, it can often see details about the graphic system that's rendering the page.

[00:02:05]Depending on your browser and settings, that may include information such as the GPU vendor, the graphics renderer, and other characteristics of your graphic stack.

[00:02:14]In many cases, that information can be detailed enough to reveal the specific graphics hardware being used.

[00:02:20]The website doesn't need to ask for permission. It doesn't need you to click anything. The moment the page loads, those details can be queried automatically. On their own, they might not identify you, but combined with your screen size, language, fonts, browser version, and dozens of other signals, they become part of a much larger fingerprint. That's why changing your IP address with a VPN doesn't make you invisible.

[00:02:45]Websites can still collect information about the device and browser sitting behind that VPN connection. Now, let's talk about WebRTC. It's a technology that powers browser-based voice calls, video calls, screen sharing, and other real-time communication features.

[00:03:00]To establish direct connections between devices, WebRTC gathers networking information using technology such as STUN and ICE.

[00:03:09]In some browsers and VPN configurations, this process can reveal IP addresses that a user expected to be hidden by their VPN.

[00:03:18]Websites can sometimes access this information through JavaScript running in the browser. This is known as a WebRTC leak. The important detail is that it doesn't happen because the VPN is broken. It happens because the browser is trying to discover network routes for peer-to-peer communication.

[00:03:35]Depending on how the VPN and browser are configured, those requests may expose information the user didn't intend to share. Want to see whether your browser is leaking network information? Open Wireshark and filter for STUN traffic.

[00:03:47]Connect to your VPN, then visit a WebRTC testing page. Watch the STUN exchanges that occur in the background. If your browser and VPN aren't handling WebRTC correctly, you may see IP addresses appear in the stun responses that you didn't expect to be exposed.

[00:04:03]In some cases, that can include your actual public IP address or local network addresses, even while your VPN appears to be working normally.

[00:04:11]Meanwhile, an IP lookup site might happily report that you're browsing from Amsterdam, London, or New York. That's what makes WebRTC leaks so deceptive. Everything looks protected on the surface, but a separate browser feature may be revealing network information behind the scenes.

[00:04:28]The VPN isn't necessarily failing. The browser is simply using a communication system that requires network discovery, and unless the VPN specifically accounts for it, information can sometimes slip through. Last one, DNS leaks. Every time you type a URL, your machine sends a DNS query, basically asking, "What's the IP address for this domain?"

[00:04:49]Normally, that request goes through your ISP's DNS server. A VPN should route those queries through its own DNS, but it doesn't always. Filter for DNS in Wireshark while your VPN is running. If you see queries going out to your ISP's DNS instead of the VPN's, your ISP still knows every domain you're visiting. The traffic is encrypted. The destination list is not. Next, check for DNS leaks. Visit a DNS leak testing site and run an extended test. When you type a website address, a DNS server translates that name into an IP address, so your browser knows where to connect.

[00:05:28]Normally, a VPN should route those DNS requests through its own DNS servers or another privacy protected resolver.

[00:05:36]If the test shows DNS servers belonging to your ISP instead, your DNS request may be bypassing the VPN. That's called a DNS leak. It means your ISP could potentially see which domains you're looking up, even though the rest of your traffic is going through the VPN tunnel. That's a privacy problem, but it's not the same thing as your VPN failing completely. The connection itself can still be encrypted, and your ISP usually can't see the content of the websites you're visiting.

[00:06:06]What they may be able to see are the DNS requests used to find those websites in the first place. So, let's be clear about what a VPN does. It encrypts your traffic between your machine and the VPN server. It hides your real IP from destination servers. That's genuinely useful on public Wi-Fi, from your ISP, for basic geo-unblocking. That's it. It does not stop fingerprinting. It does not fix WebRTC leaks by default. It does not guarantee DNS is routed correctly.

[00:06:34]And it does nothing about the fact that websites are building profiles on you from dozens of signals that have nothing to do with your IP. A VPN is one layer.

[00:06:42]Most people treat it like it's the whole wall. So, what fills the gaps? For scraping, automation, multi-account work, running TikTok, Instagram, email accounts, you need IPs that rotate and actually look like real users.

[00:06:56]Not a data center flag that every website already blacklist.

[00:07:00]You can also use ISP proxies. They work more like fixed home broadband IPs, better for long-term account management, multi-region access, ad verification, situations where you need a stable identity instead of a rotating one.

[00:07:14]That's where IP Cookie comes in. 55 million residential IPs across 185 locations.

[00:07:20]Traffic looks like it's coming from a real household, not a server farm.

[00:07:24]City-level targeting. Sticky sessions up to 24 hours. HTTP and SOCKS5 support. Pricing starts at $0.5 per gigabyte, and the traffic never expires.

[00:07:36]You only pay for what you actually use.

[00:07:38]Link is in the description. New users get a free 100 MB trial and 20% off.

[00:07:44]Thanks for IP cook for sponsoring the video. A VPN is a starting point. Now you know what it's actually doing and what it isn't.