Network Security Research focuses on developing and improving technologies that protect computer networks and the data they transmit. It involves studying security practices, policies, and defensive mechanisms to safeguard networks from unauthorized access, data breaches, and misuse. This research analyzes vulnerabilities and contributes to the development of stronger security protocols that help protect sensitive information and maintain a secure digital infrastructure.
Why is this Research Important?
Network security research plays a critical role in protecting modern digital systems. As cyber threats continue to evolve, organizations must continuously improve their defensive strategies. Research in this field helps protect sensitive data, maintain regulatory compliance, and prevent both financial and reputational damage.
Through ongoing research, security professionals can:
- Prevent financial and reputational damage caused by cyberattacks
- Strengthen authentication and access control mechanisms
- Identify and prevent emerging cyber threats
- Develop stronger and more resilient security systems
- Maintain reliability and trust in digital communication systems
What is Wireshark?
Wireshark is a powerful network protocol analyzer that allows users to capture and analyze live network traffic. It is a free and open-source tool widely used by network administrators, security researchers, and developers to inspect packet-level communication across a network.
Wireshark enables detailed inspection of network packets, helping professionals understand how protocols operate, identify performance issues, and detect suspicious activities within network traffic.
Why is Wireshark Essential?
Wireshark provides deep visibility into network traffic, making it extremely valuable for technical analysis and security investigations.
It is commonly used for:
- Network troubleshooting and performance analysis
- Security monitoring and digital forensics
- Protocol and application development
- Compliance verification and auditing
- Observing and understanding network behavior
Differences Between HTTP and HTTPS
| Feature | HTTP | HTTPS |
|---|---|---|
| Full Form | HyperText Transfer Protocol | HyperText Transfer Protocol Secure |
| Security | Not encrypted | Encrypted with SSL/TLS |
| Port | 80 | 443 |
| Data Protection | None | Protects data from attackers |
| Certificate | Not required | Requires SSL/TLS certificate |
| Browser Label | Not Secure | Secure |
Difference Between Encrypted and Unencrypted Traffic
| Feature | Encrypted Traffic | Unencrypted Traffic |
|---|---|---|
| Data Format | Encrypted | Plain Text |
| Security | Secure | Not Secure |
| Readability | Only authorized parties can read | Anyone can read |
| Protocols | HTTPS, SSH, SSL/TLS, VPN | HTTP, FTP, Telnet |
| Speed | Slightly slower | Faster |
| Risk | Low | Very High |
Environment Setup for Wireshark Packet Analysis
To perform the packet analysis lab, a virtualized environment was prepared. First, a Virtual Machine was installed and configured. Kali Linux was then set up as the guest operating system, followed by the installation of Wireshark for packet capture and analysis.
The following commands were used to configure Wireshark safely:
sudo dpkg-reconfigure wireshark-common
This command configures Wireshark and asks whether non-root users are allowed to capture packets, allowing Wireshark to run without root privileges.
sudo usermod -aG wireshark $USER
This command adds the current user to the Wireshark group so that packet capture can be performed without administrative privileges.
This is the interface where we can see the two commands mentioned in above.
Wireshark interface with HTTP unencrypted packet captured Network traffic:
When capturing traffic from an HTTP website, Wireshark reveals that data is transmitted in plain text. This means sensitive information such as usernames, passwords, and form data can be easily viewed by anyone intercepting the traffic.
Wireshark interface with HTTPS unencrypted packet captured Network traffic:
HTTPS (Hypertext Transfer Protocol Secure) protects communication between a client and server using TLS/SSL encryption. Although Wireshark can capture the packets, the actual data remains encrypted and cannot be interpreted by third parties without the proper encryption keys.
Why HTTPS is Important for Security
HTTPS ensures that online communication remains private and secure. It encrypts sensitive information such as login credentials, personal data, and payment information. HTTPS also verifies the authenticity of websites through digital certificates, helping prevent impersonation attacks and malicious websites.
Key reasons why HTTPS is essential:
- Keeps data transmission private
- Protects passwords and sensitive information
- Prevents attackers from intercepting data
- Helps detect and block fake websites
- Ensures transmitted data remains unchanged
Through this lab, we observed how powerful Wireshark is for analyzing network traffic. Capturing HTTP packets showed that unencrypted connections expose sensitive information such as usernames, passwords, and form data directly. In contrast, HTTPS traffic keeps all content encrypted, preventing third parties from reading or tampering with the data. This clearly demonstrates why HTTPS is essential for modern web security. Overall, the lab helped us understand the real difference between visible vs. encrypted traffic and provided practical insight into secure web communication.