DBA struggles a lot to justify an Auditor that SQL Server Connections are encrypted. To prove the same I use my favorite tool Net Monitor to justify the same, but how SQL Server Encrypt it.
SQL Server always encrypts network packets associated with logging in. If no certificate has been provisioned on the server when it starts up, SQL Server generates a self-signed certificate which is used to encrypt login packets
To get more information check this out : http://msdn.microsoft.com/en-us/library/ms131691.aspx