Seeing the Invisible: Wireshark Network Analysis & Data Privacy

Network Traffic and Data Privacy Analysis with Wireshark

The phrase “Data is vulnerable while traveling on the network” is often heard in the cybersecurity world. What does it mean in practice?

Theoretically, we know that the HTTP protocol is insecure and transmits data in cleartext (unencrypted). However, understanding how this vulnerability looks in the real world and seeing how data flows through the eyes of an attacker (or network analyst) is crucial to grasping the magnitude of this risk.

In this post, I will detail the risks of unencrypted traffic and how to analyze this traffic using Wireshark through a network traffic analysis conducted in a lab environment.

Lab Environment and Tools Used

To remain within ethical boundaries and work on legal grounds, I used systems specifically prepared for security testing instead of real user data.

  • Analysis Tool: Wireshark (Network packet analysis and capturing tool).
  • Target System: testphp.vulnweb.com (A deliberately vulnerable web application published by Acunetix for security testing and educational purposes).
  • Protocol: HTTP (Hypertext Transfer Protocol).
  • Scenario: Capturing credentials (Username/Password) sent by a user while logging into a website at the network level.

Methodology: Step-by-Step Analysis Process

I carried out the analysis process in three main stages: Sniffing, Data Generation, and Packet Analysis.

1. Sniffing (Capturing)

First, I launched the Wireshark tool and activated my network card. At this stage, all data packets passing through my computer’s network interface began to be recorded instantly by Wireshark.

2. Data Traffic Generation

I navigated to the login page of the target system, testphp.vulnweb.com. For the simulation, I entered the following information:

  • Username: admin
  • Password: secretpass123

The moment I clicked the “Login” button, my browser packaged this data and sent it to the server. Wireshark recorded this communication second by second in the background.

3. Filtering and Parsing

When I stopped the capturing process, I had a complex stack of data containing thousands of lines. To get rid of this noise and capture only the moment the user sent data to the server, I used Wireshark’s filtering feature:

http.request.method == "POST"

This filter allowed me to display only the requests sending data to the server (POST), ignoring the requests pulling data (GET).

Findings and Evidence

I used the “Follow TCP Stream” feature to examine the packet detected after filtering. This feature allows us to see the full text of the communication by reassembling fragmented packets.

The result I encountered was the clearest proof of why the HTTP protocol should be considered “dead” today.

As you can see in the video below, the password entered by the user was left on the network without being subjected to any Encryption or Hashing process.

The data was readable as uname=admin&pass=secretpass123, just as if it were written in a notepad. In this scenario, a malicious actor on the same network (e.g., connected to the same Wi-Fi) could capture this password in seconds using a simple ARP Spoofing attack.
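The same inspection can be automated from a defender's side. The script below is an added example, not code from the original post: it takes a reassembled request of the kind “Follow TCP Stream” displays, applies the same POST-only selection as the Wireshark filter, and reports which form fields carried a secret in cleartext without logging the secret itself. The sample stream, the request path, and the list of sensitive field names are constructed assumptions.

```python
"""Flag cleartext credential submissions in a reassembled HTTP request."""
from urllib.parse import parse_qs

# Form field names that commonly carry secrets in login forms (assumption).
SENSITIVE_FIELDS = {"pass", "passwd", "password", "pwd", "secret", "token"}

# Constructed sample stream; the path /login.php is a placeholder, not taken
# from the capture in the post. The body matches what Follow TCP Stream showed.
SAMPLE_POST = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: testphp.vulnweb.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b"uname=admin&pass=secretpass123"
)
# Constructed GET request: pulls data, sends none, so it must not be flagged.
SAMPLE_GET = b"GET /index.php HTTP/1.1\r\nHost: testphp.vulnweb.com\r\n\r\n"


def parse_http_request(stream: bytes) -> dict:
    """Split a reassembled request into method, path, headers and body."""
    head, _, body = stream.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Honour Content-Length so bytes of a following pipelined request are ignored.
    length = int(headers.get("content-length", len(body)))
    return {"method": method, "path": path, "headers": headers, "body": body[:length]}


def find_cleartext_credentials(stream: bytes) -> list:
    """Return sensitive form fields sent unencrypted; values are never recorded."""
    req = parse_http_request(stream)
    if req["method"] != "POST":  # same selection as http.request.method == "POST"
        return []
    ctype = req["headers"].get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return []
    fields = parse_qs(req["body"].decode("iso-8859-1"), keep_blank_values=True)
    host = req["headers"].get("host", "")
    return [
        {"host": host, "path": req["path"], "field": name, "value_length": len(vals[0])}
        for name, vals in fields.items()
        if name.lower() in SENSITIVE_FIELDS
    ]


if __name__ == "__main__":
    for hit in find_cleartext_credentials(SAMPLE_POST):
        print(hit)
```

Run against a real capture, the function would be fed each stream exported from Wireshark; reporting only the field name and secret length keeps the detection log itself from becoming a second copy of the password.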

Risk Mitigation and Defense Methods

This analysis is critical not only for understanding attack methods but also for grasping the importance of defense mechanisms. So, what should be done to protect against this risk?

1. HTTPS (SSL/TLS) Requirement

Transporting data encrypted over the network is not a luxury; it is a necessity. TLS 1.2 or 1.3 must be enabled on web servers. If this study were conducted on an HTTPS site, the stream shown above would contain only unreadable ciphertext instead of legible field names and values.

2. HSTS (HTTP Strict Transport Security) Usage

Using HTTPS alone is not enough. Attackers can downgrade the user from HTTPS to HTTP using a method called “SSL Stripping.” HSTS policies minimize this risk by instructing the browser never to connect to the site unencrypted.

3. VPN Usage

Transacting over insecure protocols on public Wi-Fi networks (like cafes and airports) poses a great risk. Using a VPN (Virtual Private Network) encrypts the tunnel between you and the VPN server, preventing listeners (sniffers) on the local network from reading the data, even if the site you visit uses plain HTTP.

Conclusion

As a System Integration student, I see mastering network traffic as “seeing the invisible.” Tools (like Wireshark) are just aids; real competence lies in interpreting the raw data those tools offer and applying the correct security policies (Hardening).

This basic analysis we conducted today concretely demonstrates why the foundations of modern web security (Encryption) were established. A secure internet begins with being aware of visibility.