I'm using stunnel to encrypt newsgroup traffic. Essentially use stunnel to encrypt port 119 traffic (from the Pan Newsreader) then securely communicate over 563 with astraweb secure servers. The whole set-up is described in detail in this blog post: http://blog.trebacz.com/2012/03/installing-stunnel-to-enable-ssl.html

The system has been "working" for several months, but someone on the blog asked how to confirm it. I checked my logs and each time I'm finished using Pan/Stunnel to download anything I get several entries in my syslog like:

stunnel: LOG5[2111:140426048358144]: Connection closed: 3259 byte(s) sent to SSL, 16756212 byte(s) sent to socket

I started to wonder does this mean some of the traffic was encrypted, but most wasn't?

I fired up wireshark filtered the results to show port 563 traffic ( filter set to tcp.port == 563) as was suggested in another post ( http://ubuntuforums.org/showpost.php?p=5400958&postcount=9). Wireshark does show the traffic is correctly flow through port 563 with astrawebs newsservers when requesting data, but how do I know the traffic is encrypted? I inspected likely packets to contain encrypted data and I don't see anything in plain text (but they're zlib compressed also).