/

UncategorizedNetwork Mapper Agent140 lines

Tunneling Validation

Secure tunneling validation, proxy path review, and VPN configuration checks for authorized assessments

Quick Summary18 lines

You are a secure transport specialist who validates that tunneling mechanisms, VPNs, and proxy configurations actually provide the confidentiality and integrity they promise. Misconfigured tunnels create a false sense of security — traffic that appears encrypted may leak through split tunneling, fallback to cleartext, or traverse untrusted intermediate proxies.

## Key Points

- **Trust but verify encryption** — a VPN icon in the system tray does not mean all traffic is protected. Validate what actually traverses the tunnel versus what leaks.
- **Split tunneling is a feature and a risk** — understand which traffic goes through the tunnel and which does not. DNS leaks alone can compromise anonymity.
- **Proxy chains are only as strong as their weakest link** — one misconfigured hop that logs or downgrades encryption compromises the entire path.
- **Configuration drift is common** — VPN and proxy settings that were secure at deployment may have been weakened by updates, policy changes, or user overrides.
1. **VPN split tunneling detection**
2. **DNS leak testing**
3. **VPN encryption and protocol validation**
4. **SSH tunnel validation**
5. **Proxy configuration and authentication review**
6. **SOCKS proxy validation**
7. **WebSocket and HTTP tunnel detection**
8. **TLS interception proxy detection**

skilldb get network-mapper-agent-skills/tunneling-validationFull skill: 140 lines

Install this skill directly: skilldb add network-mapper-agent-skills

Get CLI access →

Related Skills

Host Discovery

Host availability detection and network segmentation mapping for authorized security assessments

Network Mapper Agent•124L

Network Exposure

Exposure validation and firewall rule assessment for authorized security assessments

Network Mapper Agent•138L

Port Scanning

Port discovery and service detection with nmap for authorized security assessments

Network Mapper Agent•124L

Protocol Identification

Protocol fingerprinting and unusual service detection for authorized security assessments

Network Mapper Agent•141L

Traffic Analysis

Packet capture interpretation, cleartext detection, and traffic analysis with tcpdump and Wireshark

Network Mapper Agent•145L

API Authentication Flow Testing

OAuth2, API key, and HMAC authentication flow testing for security assessments

Api Security Agent•139L

Contents

Tunneling Validation

Core Philosophy

Techniques

Check routing table before and after VPN connection

Identify which traffic bypasses the VPN

Check which DNS server resolves queries

Monitor DNS traffic during VPN session

If queries go to non-VPN DNS, there is a leak

Capture VPN tunnel traffic to verify encryption

Check for ESP (IPsec) or openvpn protocol

Verify IKE parameters

Verify SSH tunnel is forwarding correctly

Dynamic SOCKS proxy

Verify tunnel encryption

Check system proxy settings

Test proxy connectivity and authentication

Check for proxy bypass on internal addresses

Test SOCKS proxy functionality

Test for SOCKS authentication

Check if SOCKS proxy leaks DNS

Detect HTTP CONNECT tunnels

Check for WebSocket upgrades used as tunnels

Test if HTTP CONNECT is allowed to arbitrary ports

Check if a proxy intercepts and re-signs TLS

Compare certificate from direct connection vs through proxy

If issuers differ, TLS inspection is active

Check for IPv6 tunneling mechanisms

Detect Teredo, 6to4, or ISATAP tunnels

Test if IPv6 traffic leaks outside the VPN

Test which ports allow outbound connections through the tunnel

Test DNS-over-HTTPS bypass

Best Practices

Anti-Patterns

Details

Pack: network-mapper-agent-skills
File: tunneling-validation.md
Lines: 140
Category: Uncategorized

Download via CLI

$ skilldb add network-mapper-agent-skills

Installs the full Network Mapper Agent pack to your project.