
Wireshark Packet Capture

✅ Verified Complete

Network traffic analysis, packet inspection, and protocol analysis

Network Forensics | medium priority

Skills Demonstrated

  • Wireshark
  • Packet Analysis
  • Network Forensics
  • Protocol Analysis

Tools Used

  • Wireshark
  • Docker
  • Kali Linux

Documentation


Wireshark Packet Capture Lab

Project Overview

This project demonstrates network traffic capture and analysis using Wireshark. We captured packets from multiple intentionally vulnerable web applications running inside Docker containers. The objective was to simulate real-world insecure traffic, analyze the data, and identify sensitive information leaks.


Lab Setup

  • Environment:

    • Kali Linux VM (Ethical Hacker version from Cisco Networking Academy)
    • Docker containers:
      • DVWA (Damn Vulnerable Web App)
      • OWASP Juice Shop
      • WebGoat
      • Mutillidae
  • Tools Used:

    • Wireshark
    • Firefox browser
    • Docker CLI

Capture Files

File | Description
dvwa-capture-4-2-25.pcapng | DVWA website interaction capture
juice-shop-capture.pcapng | Juice Shop interaction capture
webgoat-capture.pcapng | WebGoat interaction capture
login-dvwa.pcapng | Specific login attempt capture for DVWA

All .pcapng files are available in this repository.


Analysis Walkthrough

Follow these steps to analyze the captured packets:

1. Open Capture Files

  • Launch Wireshark.
  • Open a .pcapng file.

2. Use Helpful Filters

    http
    http.request.method == "POST"
    frame contains "password"
    frame contains "admin"
    frame contains "juice"
    tcp.port == 80

3. Analyze HTTP Traffic

  • Look for cleartext login forms.
  • Follow HTTP streams to reconstruct conversations.
  • Identify hints or exposed credentials.

4. Visualize Traffic

  • Use Statistics → Protocol Hierarchy to see protocol distribution.
  • Use Statistics → Conversations to view active sessions.

5. Screenshot Key Findings

  • Capture images of login credentials in traffic.
  • Highlight sensitive data leaks or hints (especially from Juice Shop reviews).
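
Steps 2 and 3 find credentials with substring filters such as frame contains "password". The sketch below is an added example, not part of the original project or its repository: it runs the same check on one reassembled HTTP request and goes beyond the POST filter by also inspecting GET query strings and JSON bodies. The function name, the field-name heuristic and the sample requests are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Heuristic for secret-bearing field names (an assumption; tune per application).
SENSITIVE = re.compile(r"pass|pwd", re.IGNORECASE)

def credential_fields(raw: bytes):
    """Return (method, path, field) for each sensitive field in one cleartext
    HTTP request. Values are not returned, so findings omit the secret itself."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return []  # not an HTTP request line
    method, target = parts[0], parts[1]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # Query-string parameters: a POST-only filter never shows these.
    names = [k for k, _ in parse_qsl(url.query, keep_blank_values=True)]
    ctype = headers.get("content-type", "").lower()
    text = body.decode("utf-8", "replace")
    if ctype.startswith("application/x-www-form-urlencoded"):
        names += [k for k, _ in parse_qsl(text, keep_blank_values=True)]
    elif ctype.startswith("application/json"):
        try:
            doc = json.loads(text)
        except ValueError:
            doc = None
        if isinstance(doc, dict):
            names += list(doc)  # top-level keys only
    return [(method, url.path, n) for n in names if SENSITIVE.search(n)]

# Constructed sample requests (not taken from the lab's capture files).
SAMPLES = [
    b"POST /login HTTP/1.1\r\nHost: lab.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"username=alice&password=EXAMPLE-ONLY",
    b"GET /check?user=alice&pwd=EXAMPLE-ONLY HTTP/1.1\r\nHost: lab.example\r\n\r\n",
    b'POST /api/login HTTP/1.1\r\nContent-Type: application/json\r\n\r\n'
    b'{"email": "alice@lab.example", "password": "EXAMPLE-ONLY"}',
    b"GET /index.html HTTP/1.1\r\nHost: lab.example\r\n\r\n",
]

if __name__ == "__main__":
    print([credential_fields(r) for r in SAMPLES])
```

Each input is one request as it appears after Follow → HTTP Stream; the second sample is the case that http.request.method == "POST" alone would not surface.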

Notable Findings

Application | Finding
DVWA | Username/password transmitted without encryption
Juice Shop | Usernames hidden inside customer reviews (potential attack vector)
WebGoat | Insecure login lessons demonstrated over HTTP

Mutillidae was unavailable due to database errors during capture.


Screenshots

Screenshots are stored in the screenshots/ folder:

Juice Shop Review 1 - Juice Shop customer review containing hidden information

Juice Shop Review 2 - Additional Juice Shop findings

Big Hint - Key finding/hint discovered during analysis

Solution - Solution or key discovery from packet analysis

Mutillidae Server Down - Mutillidae application unavailable during capture (database errors)


Lessons Learned

  • HTTP traffic is easily sniffed without HTTPS.
  • Vulnerable apps can leak useful information passively.
  • Tools like Wireshark are essential for analyzing insecure communications.

Future Improvements

  • Capture HTTPS traffic using SSL/TLS decryption.
  • Simulate MiTM (Man-in-the-Middle) attacks.
  • Add advanced analysis: TCP flags, session reconstruction, etc.

Credits

  • Cisco Networking Academy — Ethical Hacker VM.
  • OWASP — Juice Shop and WebGoat projects.
  • Wireshark Foundation.

🎉 Project Complete!

"You can't protect what you can't see." 🛡️

Evidence

  • 4 pcap files
  • 5 screenshots
  • Complete analysis
