Cyber Security Module 2 Assignment 2 – Protocol Analyzer

The document discusses the use of Wireshark as a protocol analyzer to monitor network traffic and analyze communication patterns. Key observations include the presence of both encrypted (TLS) and unencrypted (HTTP) traffic, highlighting security risks associated with plain text data transmission. Recommendations emphasize the importance of using HTTPS, enabling network monitoring, and conducting periodic packet analysis to enhance network security.

Uploaded by

Pavan Chilukuri
Copyright: © All Rights Reserved

Module 2 Assignment 2 – Protocol Analyzer

Protocol Analyzer Report (Wireshark Analysis)

1. Introduction
Protocol analyzers, such as Wireshark, are essential tools in cybersecurity, allowing professionals to
monitor network traffic, detect anomalies, and analyze communication patterns between systems. This
experiment aimed to capture network packets using Wireshark and analyze the data exchanged between
the local machine and remote servers.

2. Observations from Captured Traffic

During the network traffic capture, various protocols were observed, including:

● TCP (Transmission Control Protocol) – Establishes and maintains network connections.
● TLS (Transport Layer Security) – Secures communication between a client and a server.
● HTTP (HyperText Transfer Protocol) – Handles unencrypted web traffic.
● ICMP (Internet Control Message Protocol) – Supports network diagnostics (e.g., pings).
● ARP (Address Resolution Protocol) – Maps IP addresses to MAC addresses.

The analysis revealed both encrypted and unencrypted traffic, showing how applications communicate over the
network.
3. Analysis of Specific Packets

A. Encrypted Communication (TLS & TCP)

● Observation: Multiple TLSv1.2/1.3 packets were captured, indicating secure web traffic.
● Impact: This ensures that data remains encrypted between the browser and the remote server, so
anyone intercepting the packets cannot read their contents.
● Example: TLS packets with Application Data indicate a secure session, while TCP Reset (RST)
packets highlight connection terminations.
B. Unencrypted HTTP Request

● Observation: An HTTP GET request was detected.
● Risk: Unlike HTTPS, HTTP transmits data in plain text, making it vulnerable to
Man-in-the-Middle (MitM) attacks.
● Example: The HTTP request header was visible, showing the URLs accessed and the user-agent
string.

C. ICMP and ARP Activity

● Observation: The presence of ICMP packets suggests network diagnostics, such as ping requests.
● Example: Router advertisements were observed, which help manage network routing.

4. Security Implications
From the analysis, key security considerations include:

1. Encryption Matters: TLS is crucial for protecting sensitive data during transmission.
2. Avoid HTTP Traffic: HTTP connections should be replaced with HTTPS to prevent data
interception.
3. Monitor Unusual Traffic: TCP reset (RST) packets and unexpected ICMP messages can indicate
network intrusions or misconfigurations.
4. Analyze ARP Requests: Frequent ARP lookups could signal ARP spoofing attacks, where an
attacker attempts to intercept local traffic.
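As an added example (not part of the assignment), the following Python script applies points 2 to 4 above to Wireshark-style packet summaries: it lists plain-text HTTP requests, counts TCP RST segments per sender, and checks ARP replies. The packet list is constructed for illustration, and the ARP check goes slightly beyond the text by flagging an IP address answered by two different MAC addresses, which is the concrete form the spoofing indicator takes in a capture.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Wireshark-style packet summaries, modelled on the
# protocols named in the report (not taken from the report's real capture).
# Each tuple: (frame number, source, destination, protocol column, info column)
SAMPLE_PACKETS = [
    (1, "192.168.1.10", "93.184.216.34", "TLSv1.3", "Application Data"),
    (2, "192.168.1.10", "203.0.113.5", "HTTP", "GET /login?user=alice HTTP/1.1"),
    (3, "203.0.113.5", "192.168.1.10", "TCP", "80 -> 51234 [RST, ACK] Seq=1 Ack=1"),
    (4, "192.168.1.10", "192.168.1.1", "ICMP", "Echo (ping) request"),
    (5, "aa:bb:cc:dd:ee:10", "ff:ff:ff:ff:ff:ff", "ARP", "Who has 192.168.1.1? Tell 192.168.1.10"),
    (6, "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:10", "ARP", "192.168.1.1 is at aa:bb:cc:dd:ee:01"),
    (7, "aa:bb:cc:dd:ee:99", "aa:bb:cc:dd:ee:10", "ARP", "192.168.1.1 is at aa:bb:cc:dd:ee:99"),
    (8, "192.168.1.10", "93.184.216.34", "TCP", "51235 -> 443 [RST] Seq=1"),
]

# Wireshark renders an ARP reply's Info column as "<ip> is at <mac>"
ARP_REPLY = re.compile(r"^(\S+) is at (\S+)$")


def find_plaintext_http(packets):
    """Return (frame, info) for HTTP packets: the request line is readable on the wire."""
    return [(n, info) for n, _src, _dst, proto, info in packets if proto == "HTTP"]


def count_rst_by_source(packets):
    """Count TCP segments carrying the RST flag, keyed by the sending address."""
    return Counter(src for _n, src, _dst, proto, info in packets
                   if proto == "TCP" and "RST" in info)


def arp_conflicts(packets):
    """IP addresses claimed by more than one MAC in ARP replies (a spoofing indicator)."""
    claims = defaultdict(set)
    for _n, _src, _dst, proto, info in packets:
        match = ARP_REPLY.match(info) if proto == "ARP" else None
        if match:
            claims[match.group(1)].add(match.group(2))
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


def summarize(packets):
    """Collect the three findings a periodic review of a capture would report."""
    return {
        "plaintext_http": find_plaintext_http(packets),
        "rst_by_source": count_rst_by_source(packets),
        "arp_conflicts": arp_conflicts(packets),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_PACKETS).items():
        print(f"{key}: {value}")
```

On a real capture the same checks can be run by exporting the packet list from Wireshark as CSV and feeding the rows into these functions.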

5. Recommendations
Based on the findings, the following security best practices are recommended:

1. Use HTTPS & Secure Protocols: Avoid HTTP traffic and enforce TLS encryption.
2. Enable Network Monitoring: Regularly analyze ICMP and ARP traffic for anomalies.
3. Restrict Unnecessary Open Ports: Firewall rules should block unwanted TCP/UDP traffic.
4. Conduct Periodic Packet Analysis: Wireshark should be used to detect suspicious activity
proactively.

6. Conclusion
This experiment demonstrated the power of Wireshark in network traffic analysis. The captured packets
provided insights into secure (TLS) vs. insecure (HTTP) traffic, TCP handshakes, and diagnostic
protocols (ICMP, ARP). Regular protocol analysis can enhance network security by identifying
vulnerabilities and mitigating threats.
