MITM/PCAP Analysis Project | CS 6035: Introduction to Information Security

Learning Goals

In this project, you’ll take on the role of a cybersecurity analyst to investigate a Man-in-the-Middle (MITM) attack using real-world network forensics techniques.

You will:

Analyze packet capture (PCAP) files using tools like Wireshark and pyShark.
Identify MITM techniques and behaviors across the OSI layers.
Gain familiarity with application-layer protocols such as HTTP, IRC and others.
Interpret protocol behavior through RFC documents to understand standards and anomalies.

Tools You’ll Use

Wireshark – https://www.wireshark.org
Industry-standard tool for analyzing network traffic visually and in detail.
pyShark – https://kiminewt.github.io/pyshark/
A Python wrapper for tshark that allows programmatic packet inspection.
John the Ripper – https://www.openwall.com/john/
A powerful password cracker used to analyze intercepted hashes or credentials. —

Protocols You’ll Explore

HTTP (Hypertext Transfer Protocol)
- Mozilla’s HTTP overview
- Sam Barros’ HTTP walkthrough
IRC (Internet Relay Chat)
- What is IRC and how it works

RFCs You Should Review

As this is a graduate-level course, you’re expected to explore protocol specifications via official RFCs:

RFC1459 – Internet Relay Chat Protocol: https://datatracker.ietf.org/doc/html/rfc1459
RFC2616 – HTTP 1.1 Specification: https://datatracker.ietf.org/doc/html/rfc2616

✅ Final Deliverables

There are two deliverables for this project, each submitted via Gradescope:

Man in the Middle – PCAP Analysis
- A single JSON file named project_mitm.json.
- A template will be provided in the next section.
Man in the Middle – Programming Assignment
- Write a small program that automates part of your analysis using pyShark/tshark.
- This encourages scripting for repeatable and scalable workflows.

Ready to dive in? Head to the background and setup to begin your investigation.

CS 6035: Introduction to Information Security

WELCOME TO