# Wireshark Network Packet Capture

##### Owen Kroeger
##### ITT-305
##### Prof. Sluiter

### 1. **Wireshark Network Packet Capture Demonstration**

This assignment shows how unencrypted network traffic can be intercepted using Wireshark. We explore how sensitive information, such as usernames and passwords, can be exposed in plaintext over HTTP and how switching to HTTPS encryption protects this data during transmission.

### 2. **Building the Login Application**

We created a simple Spring Boot application with a login form to demonstrate how HTTP traffic can expose sensitive information. The key steps involved:

- **Creating a new Spring Boot project**: We set up the project with Spring Web, Thymeleaf, and DevTools dependencies.
- **Creating a `UserModel` class**: This class stores user credentials such as `username`, `password`, and `id`.
- **Creating a `UserController` class**: This handles GET and POST requests for displaying the login form and processing user login credentials.
- **Creating two HTML templates**:
  - `loginform.html`: Provides a form for users to input their login credentials.
  - `loginresult.html`: Displays the results of the login attempt, indicating success or failure.

### 3. **Network Packet Sniffing with Wireshark**

Wireshark is a network diagnostic tool used to capture network traffic. It can be used for both legitimate network analysis and malicious packet sniffing. We used Wireshark to demonstrate how HTTP traffic exposes sensitive data.

**Steps:**

- **Start Wireshark**: Select the network interface to monitor (in this case, the loopback interface, since we're running the web server locally).
- **Capture HTTP traffic**: After starting Wireshark, we logged in to the Spring Boot application. Wireshark captured the unencrypted HTTP request, which included the username and password in plain text.

### 4. **Transitioning to Secure HTTPS Communication**

To protect user credentials, we transitioned the application from HTTP to HTTPS using SSL/TLS encryption.

- **Generating an SSL Certificate**: Using the `keytool` command, we generated a self-signed SSL certificate and stored it in a keystore.
- **Configuring Spring Boot for HTTPS**: We updated the `application.properties` file to enable HTTPS by specifying the keystore and its password.
- **Running the application with HTTPS**: The application now runs on port `8443` using HTTPS, ensuring encrypted communication.

### 5. **Capturing Encrypted Traffic with Wireshark**

With HTTPS enabled, we captured the network traffic using Wireshark again.

- **TLS encryption**: This time, the captured traffic was encrypted using the TLS protocol, making it unreadable to anyone capturing it without the session keys. Wireshark showed packets labeled as "TLS" instead of "HTTP," confirming that the login request and its credentials were encrypted in transit.
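The two captures described above, the plaintext HTTP POST of section 3 and the TLS records of section 5, can be reproduced on constructed bytes. The following is an added Python example, not code from the original assignment: it mimics what Wireshark's dissectors do when labeling a packet, recognising an HTTP request by its request line and decoding the form fields that "Follow HTTP Stream" displays, and recognising a TLS record by its five-byte header, where the payload is opaque without the session keys. The request, the credentials `alice`/`hunter2`, and the TLS record bytes are all constructed sample data.

```python
"""Classify captured TCP payloads the way Wireshark labels them (HTTP vs TLS).

Added example: the sample request, credentials and TLS record below are
constructed, not taken from the original capture.
"""
from urllib.parse import parse_qs

# Constructed: the login POST as "Follow HTTP Stream" shows it over plain HTTP.
HTTP_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: localhost:8080\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 31\r\n"
    b"\r\n"
    b"username=alice&password=hunter2"
)

# Constructed: one TLS application_data record (content type 0x17, record-layer
# version 0x0303, 16-byte ciphertext). The ciphertext bytes are arbitrary values.
TLS_APP_DATA = bytes.fromhex("17 03 03 00 10") + bytes.fromhex(
    "4f6a1c9be2d7338f0a5c91e6b7d24a10"
)

HTTP_METHODS = (b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"OPTIONS", b"PATCH")
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# The record-layer version is a legacy field: TLS 1.3 also sends 0x0303 here,
# so the negotiated version must be read from the handshake, as Wireshark does.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2/1.3"}


def parse_http_request(payload: bytes) -> dict:
    """Split a plaintext HTTP request into request line, headers and form fields."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode().lower()] = value.strip().decode()
    request = {"method": method.decode(), "path": path.decode(),
               "version": version.decode(), "headers": headers, "form": {}}
    # A form POST over HTTP carries its fields in the clear, exactly as captured.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        request["form"] = {k: v[0] for k, v in parse_qs(body.decode()).items()}
    return request


def is_tls_record(payload: bytes) -> bool:
    """Heuristic TLS check: known content type, major version 3, plausible length."""
    if len(payload) < 5:
        return False
    length = int.from_bytes(payload[3:5], "big")
    return (payload[0] in TLS_CONTENT_TYPES and payload[1] == 3
            and payload[2] <= 4 and len(payload) >= 5 + length)


def parse_tls_record(payload: bytes) -> dict:
    """Decode only the record header; the body is ciphertext without the keys."""
    length = int.from_bytes(payload[3:5], "big")
    return {
        "content_type": TLS_CONTENT_TYPES[payload[0]],
        "record_version": TLS_VERSIONS.get((payload[1] << 8) | payload[2], "unknown"),
        "length": length,
        "ciphertext": payload[5:5 + length],  # opaque to a passive observer
    }


def classify(payload: bytes) -> dict:
    """Label a payload 'HTTP', 'TLS' or 'unknown' and say whether its content is readable."""
    first_line = payload.split(b"\r\n", 1)[0]
    if first_line.split(b" ", 1)[0] in HTTP_METHODS and b" HTTP/" in first_line:
        return {"protocol": "HTTP", "readable": True, "request": parse_http_request(payload)}
    if is_tls_record(payload):
        return {"protocol": "TLS", "readable": False, "record": parse_tls_record(payload)}
    return {"protocol": "unknown", "readable": False}


if __name__ == "__main__":
    for sample in (HTTP_POST, TLS_APP_DATA):
        verdict = classify(sample)
        print(verdict["protocol"], "readable" if verdict["readable"] else "encrypted")
        if verdict["protocol"] == "HTTP":
            print("  form fields exposed:", verdict["request"]["form"])
        else:
            print("  record header:", {k: v for k, v in verdict["record"].items() if k != "ciphertext"})
```

Running the script prints the form fields for the HTTP sample and only the record header for the TLS sample, which is the same difference visible in the two Wireshark captures: the HTTP dissector can show the credentials because the bytes are the message itself, while the TLS dissector can only show content type, version and length.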

### 6. **Understanding SSL/TLS and Certificate Authorities**

SSL/TLS certificates let the client verify the server's identity and establish an encrypted session, so that sensitive information like passwords cannot be read by third parties while in transit.

- **Self-signed certificates**: For this demo, we used a self-signed certificate, which is not trusted by browsers but is acceptable for local testing.
- **Certificate Authorities (CAs)**: In production, certificates should be issued by trusted CAs to ensure that browsers and clients trust the website.

### 7. **Security Best Practices**

To ensure secure communication:

- Use strong, modern encryption standards like TLS 1.2 or higher.
- Always use HTTPS for web applications that handle sensitive information.
- In production, use SSL/TLS certificates issued by trusted CAs, rather than self-signed certificates.
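The HTTPS configuration steps of section 4 and the TLS 1.2-or-higher practice of section 7 can be checked mechanically. The following is an added Python example, not part of the original assignment, that parses a Spring Boot `application.properties` file and reports whether HTTPS is enabled, whether a keystore password is present, and whether legacy protocol versions are still allowed. The three property files are constructed: `keystore.p12`, the alias `tomcat` and the password `changeit` are placeholder values, and the `keytool` invocation shown in a comment is one standard way to produce a self-signed PKCS12 keystore, not the exact command used in the assignment.

```python
"""Check a Spring Boot application.properties file for the HTTPS settings
described in the assignment (added example with constructed sample files)."""

# Constructed: the original plain-HTTP configuration (the section 4 "before").
HTTP_PROPERTIES = """
server.port=8080
"""

# Constructed: HTTPS configuration matching sections 4 and 7. The keystore is
# assumed to have been produced with keytool, for example (placeholder values):
#   keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
#       -storetype PKCS12 -keystore keystore.p12 -validity 365
HTTPS_PROPERTIES = """
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=changeit
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat
server.ssl.enabled-protocols=TLSv1.2,TLSv1.3
"""

# Constructed: HTTPS is on, but the server still accepts TLS 1.0 and 1.1.
WEAK_TLS_PROPERTIES = """
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=changeit
server.ssl.key-store-type=PKCS12
server.ssl.enabled-protocols=TLSv1,TLSv1.1,TLSv1.2
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def parse_properties(text: str) -> dict:
    """Parse Java .properties lines (key=value or key: value, # and ! comments)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            key, _, value = line.partition(":")
        props[key.strip()] = value.strip()
    return props


def check_https_config(text: str) -> list[str]:
    """Return findings against the assignment's best practices; empty means clean."""
    props = parse_properties(text)
    findings = []
    # Spring Boot serves HTTPS when a keystore is configured and SSL is not disabled.
    ssl_on = ("server.ssl.key-store" in props
              and props.get("server.ssl.enabled", "true").lower() == "true")
    if not ssl_on:
        findings.append("HTTPS is not enabled: the login form will submit "
                        "credentials in plaintext over HTTP")
        return findings
    if not props.get("server.ssl.key-store-password"):
        findings.append("server.ssl.key-store-password is missing; "
                        "the keystore cannot be opened")
    protocols = [p.strip() for p in
                 props.get("server.ssl.enabled-protocols", "").split(",") if p.strip()]
    if not protocols:
        findings.append("server.ssl.enabled-protocols is not set; pin it to "
                        "TLSv1.2,TLSv1.3 rather than relying on JVM defaults")
    legacy = sorted(p for p in protocols if p in LEGACY_PROTOCOLS)
    if legacy:
        findings.append(f"legacy protocol versions allowed: {', '.join(legacy)}; "
                        "use TLSv1.2 or higher")
    return findings


if __name__ == "__main__":
    for name, text in (("http", HTTP_PROPERTIES), ("https", HTTPS_PROPERTIES),
                       ("weak-tls", WEAK_TLS_PROPERTIES)):
        print(name, check_https_config(text) or ["OK"])
```

The checker only reads the properties file, so it cannot tell a self-signed certificate from one issued by a trusted CA; that remains a manual check of the keystore contents, which is why the browser warning in the certificate screenshot is the practical signal for it during local testing.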

### 8. **Common Security Protocols**

| Initials | Name                          | What It Is Used For                                                              |
|----------|-------------------------------|----------------------------------------------------------------------------------|
| HTTP     | Hypertext Transfer Protocol    | Send hypertext pages for World Wide Web applications.                            |
| TCP      | Transmission Control Protocol  | Provides reliable, ordered, and error-checked delivery of data over IP networks. |
| SNMP     | Simple Network Management Protocol | Used for network management and monitoring.                                       |
| FTP      | File Transfer Protocol         | Transfer files between client and server over a network.                         |
| SMTP     | Simple Mail Transfer Protocol  | Send emails between mail servers and clients.                                    |
| IMAP     | Internet Message Access Protocol| Access and manage emails on a remote server.                                     |
| POP3     | Post Office Protocol 3         | Retrieve emails from a mail server.                                              |
| DNS      | Domain Name System             | Resolves domain names to IP addresses.                                           |
| SSH      | Secure Shell                   | Provides secure remote access to systems over an unsecured network.              |
| UDP      | User Datagram Protocol         | Sends data without ensuring reliable delivery, often used in real-time services. |
| RDP      | Remote Desktop Protocol        | Provides remote access to Windows desktops and applications.                     |
| VoIP     | Voice over Internet Protocol   | Delivers voice communications and multimedia sessions over IP networks.          |
| DHCP     | Dynamic Host Configuration Protocol | Assigns IP addresses to devices on a network automatically.                     |
| LDAP     | Lightweight Directory Access Protocol | Manages and accesses distributed directory information services.              |
| TLS      | Transport Layer Security       | Provides encryption for data transmitted over networks to ensure security.       |


![firstlogin.png](attachment:9f061553-42da-4fbb-8b51-027659ef5f98.png)

**Caption:** ↑ This first picture shows my initial login page set up and running on localhost with a successful login.

![wireshark.png](attachment:fd740a71-3f46-40c5-98c8-b43867444e91.png)

**Caption:** ↑ This shows Wireshark capturing the unencrypted HTTP request.

![packet.png](attachment:afff8955-4d64-4b76-b9a3-b6d07a7bf997.png)

**Caption:** ↑ Here we are looking at the HTTP stream to find information about the request.

![decoded.png](attachment:70d381c7-6db0-47af-ae1f-63d43abb3a2c.png)

**Caption:** ↑ This shows the form item contents alongside the HTTP stream, directly showing the intercepted username and password.

![certificate.png](attachment:13714f87-2959-4ed7-84da-09bcf6f778d4.png)

**Caption:** ↑ Here we see our new HTTPS form's invalid certificate warning along with the certificate information.

![hiddenwireshark.png](attachment:77ce978e-6e6f-4891-95da-53442e991bcc.png)

**Caption:** ↑ Now when we use Wireshark, we see that the request is encrypted by the TLS protocol and its contents are no longer visible.