Is all web traffic sent over http/https protocol?
I was wondering what were the differences (security-wise) between VPN encryption and HTTPS encryption, and I found this article: https://surfshark.com/blog/vpn-vs-https According to this blog, HTTPS is not that secure since it only encrypts " browser traffic " , and explicitly mentions that there's more web traffic that is not "browser traffic" (because is not sent over the https protocol I guess) hence, is not encrypted, and which can be covered with the extra security provided by a VPN, however this site fails to provide examples of that "non-browser traffic", which makes me question the validity of the article.
The use of the term "web traffic" in the question makes things a little confusing, as that would generally be seen as synonymous with "browser traffic".
("The web" is generally used to refer to the subset of internet stuff that relates to web pages, not the network as a whole.)
If you mean internet traffic in general then essentially everything else that uses the IP protocol is the answer to the question. There are literally thousands of examples of other IP-based protocols, all of which could be tunneled over a VPN tunnel.
The IANA list of assigned service names and port numbers can be seen as sort of a hint for indirectly "discovering" more protocols, most of which are not HTTP(S)-based.
Do note that many proprietary solutions do not use officially assigned port numbers, and as such these are obviously just completely missing from the IANA list of assignments even though they very much exist in reality.
Some arbitrarily selected examples thrown in for illustration:
- DNS
- SMTP
- IMAP
- FTP
- SSH
- SIP
- RDP
- VNC
- CIFS
- SNMP
- MQTT
- Bittorrent
- Mysql
- Postgresql
- etc, etc, etc
Although WebSocket(RFC 6455) protocol is browser based, it's an independent TCP-based protocol. Which means it's not sent over HTTP/HTTPS.
1.7. Relationship to TCP and HTTP
This section is non-normative.
The WebSocket Protocol is an independent TCP-based protocol. Its only relationship to HTTP is that its handshake is interpreted by HTTP servers as an Upgrade request.