Is all web traffic sent over http/https protocol?

security https ssl vpn encryption

I was wondering what were the differences (security-wise) between VPN encryption and HTTPS encryption, and I found this article: https://surfshark.com/blog/vpn-vs-https According to this blog, HTTPS is not that secure since it only encrypts " browser traffic " , and explicitly mentions that there's more web traffic that is not "browser traffic" (because is not sent over the https protocol I guess) hence, is not encrypted, and which can be covered with the extra security provided by a VPN, however this site fails to provide examples of that "non-browser traffic", which makes me question the validity of the article.


The use of the term "web traffic" in the question makes things a little confusing, as that would generally be seen as synonymous with "browser traffic".
("The web" is generally used to refer to the subset of internet stuff that relates to web pages, not the network as a whole.)

If you mean internet traffic in general then essentially everything else that uses the IP protocol is the answer to the question. There are literally thousands of examples of other IP-based protocols, all of which could be tunneled over a VPN tunnel.

The IANA list of assigned service names and port numbers can be seen as sort of a hint for indirectly "discovering" more protocols, most of which are not HTTP(S)-based.
Do note that many proprietary solutions do not use officially assigned port numbers, and as such these are obviously just completely missing from the IANA list of assignments even though they very much exist in reality.

Some arbitrarily selected examples thrown in for illustration:

  • DNS
  • SMTP
  • IMAP
  • FTP
  • SSH
  • SIP
  • RDP
  • VNC
  • CIFS
  • SNMP
  • MQTT
  • Bittorrent
  • Mysql
  • Postgresql
  • etc, etc, etc

Although WebSocket(RFC 6455) protocol is browser based, it's an independent TCP-based protocol. Which means it's not sent over HTTP/HTTPS.

1.7. Relationship to TCP and HTTP

This section is non-normative.

The WebSocket Protocol is an independent TCP-based protocol. Its only relationship to HTTP is that its handshake is interpreted by HTTP servers as an Upgrade request.

Related

NXDOMAIN with CNAME RR in ANSWER section
Does Exchange Server store out-of-office/automatic replies in a human-readable form on the filesystem when set?
How to forward a port in Azure?
CentOS 7: power button cannot shutdown before user login (not after)
Finding a backup and synchronization solution [closed]
How to remove old kernel on Ubuntu operating system
Connection via Cloud Identity-Aware Proxy Failed
How to get spamassassin working with postfix as a milter
Misaligned AWK output
Postfix-Bypass header_checks for some senders
Windows certificate templates: how to include group (or OU) claims in SSL/TLS client certiifcates
How to set Exim envelope domain to From domain