Stupid random VPN/Wireshark question

[Mercutio]

Assuming my ISP were interested in my connection for... reasons.

I'd assume a network attached to a VPN tunnel, while having encrypted data would still show an increase in packets from a certain source at certain times if an ISP stuck a wireshark/other packet sniffer on it?

Promise it's more a "I work for an ISP and tempted with some shenanigans" than a "terrorist mastermind" thing.

Essentially a thought exercise around masking my geo location when working from home (route all traffic from a specific machine to my home network with a VPN, thus using the home networks gateway as my public IP source). Curious what "signs" there would be/IP forensics that could be done.

 

[Steveocee]

Source, Destination, port and packet volume / speed the VPN is being used on is all they would see unless they managed to decrypt your tunnel.

 

[Caged]

Your ISP don't care what you do on your connection other than if your usage gets so high that they can notice it, or if somebody with the ability to cost them money in legal fees sends them a letter asking who had a certain IP address at a certain time.

It would probably be possible to figure out that a WireGuard tunnel is being used if someone wanted to look that closely, and the ISP would be able to see 5Mbps of traffic coming out of your home connection to a single destination at the same time as 5Mbps was coming in from iPlayer, but they're not going to be spending the resources to routinely monitor this.