
CSI3207/CSI5212

Network Security Fundamentals


MAJOR ASSIGNMENT


STUDENT NAME STUDENT ID:


Contents
EXECUTIVE SUMMARY
INTRODUCTION
OBJECTIVES
LUCENT PHARMA NETWORK DESIGN
  1. Vulnerabilities in the system
  2. Placing security devices/controls in the network
    a) Firewall
    b) IDS/IPS
    c) Honeypot
    d) Packet filtering Router/Switch
    e) Proxy server
    f) WPA2/AES
  3. Segregation of network into multiple domains
  4. Firewall policies and firewall rules
  5. IDS/IPS policies
  6. Security policies
  7. Proposed Secure Network Design
NMAP AND WIRESHARK TOOL RESULTS
  1. NMAP Scan
  2. Recording Traffic using Wireshark
  3. Different Type of scans
  4. Analyzing different Type of scans
  5. Different types of filters used in Wireshark
    a) Only http traffic
    b) Exclude http traffic
    c) Display and capture filter
CONCLUSION
REFERENCES
APPENDICES
  A.1) Network Diagram
  B.1) Screenshot of port scanning of web server scanme.nmap.org
  B.2) Screenshot of wireshark, capturing traffic of port scanning
  B.3) Screenshot of different Types of scan
  B.4) Screenshot of different filters used in wireshark

EXECUTIVE SUMMARY
This report is concerned not only with detecting and fixing the vulnerabilities in an existing network, but
also with the basic usage of cyber security tools such as Nmap and Wireshark. We analyze the Lucent Pharma
network and find that multiple vulnerabilities are present in the network, such as a lack of security
controls and devices, a poor encryption method, a lack of security for stored data, etc. We place some
security controls and devices in the system, such as a firewall, IDS/IPS, a honeypot, proxy servers, etc.,
and define some firewall, IDS/IPS and security policies. We segregate the network into multiple domains to
increase security within the internal network. We also update the design of the existing network to
increase its security. In the second part of the report, we highlight various Nmap scan results, conducted
on the web server scanme.nmap.org, and analyze the traffic of the server using Wireshark with the help of
different filters. Overall, this report enhances the students' knowledge of the devices, controls and cyber
security software used in network security fundamentals.

INTRODUCTION
This assignment is designed to help students enhance their knowledge of how the security of a network
can be improved. The network design of a company called “Lucent Pharma” is given and we, as network
security consultants, need to identify the vulnerabilities existing in the network. Furthermore, we need to
place security devices and controls to improve the system and specify IDS, firewall and security policies
that can help increase the overall security of the network. In the last part of the assignment we use the
cyber security tools ‘Nmap’ and ‘Wireshark’ to conduct different scans on the server ‘scanme.nmap.org’ and
analyze the traffic. We were only permitted to scan the server ‘scanme.nmap.org’, because scanning any
other server without permission is unlawful and unethical.

OBJECTIVES
The basic aim of this assignment is not only to test and enhance students' knowledge of network
security and the topology of an existing network, but also to test hands-on experience with the cyber
security tools ‘Nmap’ and ‘Wireshark’. In more detail, it assesses whether students can identify the
vulnerabilities present in an existing system and provide reasonable solutions to reduce the risks present
in the system. Furthermore, it examines the students' knowledge of the importance of segregating a network
into multiple domains and of setting firewall, IDS and security policies to improve network security.
Lastly, the students' ability to analyze traffic on a web server using cyber security tools is tested,
which requires students to conduct and analyze different types of scans on the web server.

LUCENT PHARMA NETWORK DESIGN


‘Lucent Pharma’ is a pharmaceutical firm based in Perth and has two offices in two different suburbs. The
firm’s current network topology was deployed in a rush and does not include any effective security control.
Since the business is expanding and the number of competitors is increasing, the company’s CEO is worried
about the cyber security of its network.

1. Vulnerabilities in the system


Analyzing the system, we identify several risks and vulnerabilities in the existing system.
The five major vulnerabilities are as follows:
i) There is no barrier (such as a firewall) between the trusted internal network and the untrusted
external network, i.e. the internet. No system monitors and controls the incoming and
outgoing network traffic. The absence of a barrier between the internal and external networks is
a great risk in any network, because malicious traffic from the external network
can damage or hack the internal network (Alperen, 2011).
ii) The network does not protect stored data such as client lists, trade secrets, etc.,
and this data is accessible over the wireless network by all departments. Since there is
no barrier between the external and internal networks, the stored information is at risk from both
external and internal traffic (King & Raja, 2012).
iii) Wired Equivalent Privacy (WEP) is an encryption method intended to provide the same level of
security on a wireless connection as a wired network. WEP makes use of the RC4 encryption
engine. RC4 itself is not the issue; the issue is the way RC4 is implemented in the system.
The system breaks the number one rule of RC4, which is never to re-use a key. WEP allows the
keys to be repeated. The security code consists of a sequence of hexadecimal numbers, but
WEP makes use of shared key authentication, which can be sent across the network. Hackers
usually inject a customized key, and in this way they are able to decrypt the data
(Hoffman, 2010).
iv) No security method has been developed to protect the servers of the network. There is no
encryption method, firewall protection, VPN, etc. between the servers and the rest of the
network. It is very easy for external traffic to attack the servers of the network as there is
only protection between the router and the servers.
v) There is no prevention method against rogue access points. Anyone on the network can
access the router and servers, so they can set up their own access points, which are then
prone to attacks from hackers. In this way, these access points can give hackers easy access
to the network (Beyah, Kangude, Yu, Strickland, & Copeland, 2004).
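
The key re-use problem from item iii), as an added example that is not part of the original report: WEP keys RC4 with a 24-bit IV followed by the shared key, so two frames with the same IV are encrypted with the same keystream. The shared key, IVs and plaintexts below are constructed values, and WEP's CRC-32 integrity value is left out to keep the focus on the keystream.

```python
import math
from collections import Counter

IV_SPACE = 2 ** 24  # WEP prepends a 24-bit IV to the shared key


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling followed by keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body encryption: RC4 keyed with IV || shared key (ICV omitted)."""
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def reused_ivs(frames):
    """Defender-side check: IVs (hex) that occur more than once in captured (iv, body) frames."""
    counts = Counter(iv for iv, _ in frames)
    return sorted(iv.hex() for iv, n in counts.items() if n > 1)


def iv_collision_probability(n_frames: int) -> float:
    """Birthday approximation for at least one repeated IV among n randomly chosen IVs."""
    return 1.0 - math.exp(-n_frames * (n_frames - 1) / (2 * IV_SPACE))


# Constructed sample values (not taken from any real network).
SHARED_KEY = bytes.fromhex("0102030405")   # 40-bit WEP key
IV_A = bytes.fromhex("00aa01")
IV_B = bytes.fromhex("00aa02")
P1 = b"GET /clients.csv"
P2 = b"POST /login.php "


def demo():
    c1 = wep_encrypt(IV_A, SHARED_KEY, P1)
    c2 = wep_encrypt(IV_A, SHARED_KEY, P2)   # IV repeated: same keystream as c1
    c3 = wep_encrypt(IV_B, SHARED_KEY, P2)   # fresh IV: different keystream
    return {
        # With a repeated IV the keystream cancels out without knowing the key.
        "same_iv_leaks_plaintext_xor": xor(c1, c2) == xor(P1, P2),
        "fresh_iv_leaks_plaintext_xor": xor(c1, c3) == xor(P1, P2),
        # Knowing one plaintext then gives the other one directly.
        "known_p1_reveals_p2": xor(xor(c1, c2), P1) == P2,
        "reused_ivs": reused_ivs([(IV_A, c1), (IV_A, c2), (IV_B, c3)]),
    }


if __name__ == "__main__":
    print(demo())
    for n in (1000, 5000, 12000):
        print(n, "frames -> P(repeated IV) ~", round(iv_collision_probability(n), 3))
```

Because the IV is only 24 bits, a repeat becomes more likely than not after roughly five thousand frames on a busy network, which is why moving to WPA2 with AES is the fix rather than a longer WEP key.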

2. Placing security devices/controls in the network


There are several devices or controls that we can place in the system to increase the overall security of the
network. However, we need to be careful while placing these devices in the system, so we don’t compromise
either the network performance or the security of the network.
a) Firewall
A firewall is a system designed to prevent unauthorized access to or from a private network. You can
implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent
unauthorized internet users from accessing private networks connected to the internet, especially
intranets (Indiana University, 2018). A hardware firewall is placed between the router and the internet
connection. Software firewalls are usually installed on the computers. Although they are cheap to install
and run, they can decrease the performance of your devices. Therefore, in a commercial network like the
one we are discussing, it is recommended to place a hardware firewall along with the basic software
firewall (already installed in newer versions of Windows and Linux); as mentioned, this firewall
should be between the router and the internet connection (Panda Security, 2018).

b) IDS/IPS
Intrusion detection is a method in which traffic or packets within your network are monitored and
then analyzed for any possible violations, threats or unusual activity. Intrusion prevention comes after
intrusion detection: once threats are detected, intrusion prevention takes measures to stop the attack.
These security measures are available as intrusion detection systems (IDS) and intrusion prevention systems
(IPS), which are a necessary part of your network (Juniper Networks, 2018).
There are several access points, both public and private, within an organization’s network. Therefore, it
is a big challenge to maintain the security of the network in the presence of this many access points,
especially nowadays, when attackers have developed new ways to attack networks, with the result that
networks are not entirely secured by firewalls and encryption methods alone (Pappas, 2008).
IDS/IPS can be set up passively, but in this way the attack can still reach the network. Therefore, the IDS
should be set inline, attached to a spanning port of a switch, or make use of a hub in place of a switch.
The idea is that the IDS/IPS is able to monitor all incoming and outgoing packets (Beale, Baker, Esler,
Kohlenberg, & Northcutt, 2007).

c) Honeypot
Honeypots are a way of trapping an attacker by misleading him into believing that he is inside your
network; the attacker is actually inside the honeypot, and all the information about the attacker is
available to our network through the logs. A honeypot is a great tool for learning the type of the attack
and information about the attacker. In other words, a honeypot is a type of active defense, i.e. it
essentially tempts cybercriminals to attack it. Once they are inside your network, you can build a profile
of the attacker and the type of attack, which will boost the protection of the network.
There are three types of honeypot, according to their level of involvement. As the involvement increases,
the risk associated with it increases. Low involvement is the level at which the honeypots provide simple
services and the freedom given to attackers is minimal. They are passive in approach, so attackers cannot
use them to attack other systems; thus they are well suited for organizations, and many production
honeypots fall into this category (Verma, 2003). Medium and high involvement honeypots carry higher risk
but provide greater benefits. Due to the high cost and complexity associated with designing such controls,
they are not being considered for this network.
Honeypots can be placed externally as well as internally, according to the purpose of their deployment.
However, by placing them inside the DMZ (demilitarized zone), they can easily emulate the servers that
are freely accessible to the public. This also increases the security of the production environment
because of the limited access to the internal network from the DMZ (Lui, 2016).

d) Packet filtering Router/Switch


The router and switches are already present in the system and there is no need for any additional routers
or switches. However, we believe that simple routers are not enough in terms of providing
security to the network. Therefore, it is better to replace the existing router and switches with packet
filtering routers and switches to make the network more secure. The packet filtering router can be placed
in the network in the same way as a normal router, i.e. it connects the internal network with the external
network and provides connections to multiple devices or sub-networks present in the network.

e) Proxy server
A proxy server intercepts the connections between the sender and the receiver. The incoming data enters on
one port and the outgoing data is forwarded to the receiver in the network via another port. The proxy
server monitors the traffic coming into and going out of the network. It can be used to monitor employees'
use of outside resources. It can also be used to block some of the services of the network for some of the
employees. For example, the IT department can have its own VLAN, and access to the IT department's data is
limited to IT department employees and the administrator, not other staff members.
Proxy servers can be placed at the start of any network. They can be placed in line with the firewall or
can be a part of the firewall (Luotonen, 1998).

f) WPA2/AES
The wireless encryption method used in the company’s network was WEP and we have already seen the
vulnerabilities present in this type of encryption method. Therefore, it is necessary to change the encryption
method to WPA2 + AES, which is the most advanced, latest and secure encryption method in the market.
Another benefit of using this method is that it doesn’t compromise the speed of the network. (Lashkari,
Danesh, & Samadi, 2009)

3. Segregation of network into multiple domains


Network segregation is the division of a network into smaller networks. This method is
extremely important for making the network more efficient and secure. When computers communicate with
each other, the traffic of each segment stays within that segment, which avoids traffic collisions.
Moreover, a segmented network cannot be accessed by anyone except the authorized persons of that segment,
and each segment can be secured by a different firewall and security software. If any segment is under
attack, the remaining segments are protected, which reduces the risk of threats. To make the segments more
secure, a VPN (Virtual Private Network) can be used, which keeps traffic private from other segments
(Jackson, 2014).
The lack of network segregation means that the data of different departments within the company is
accessible to the other departments; in this way, the privacy of sensitive data can be compromised. Without
network segregation, different types of attacks are possible within the network because of the lack of
security.
As we can see, in the network under discussion all of the departments have access to all the computers
and servers existing in the network. This way, sensitive information, such as information about network
security, clients and employees, is not secured from internal attacks. Therefore, it is very important
that the network is divided into different sub-networks (VLANs).

4. Firewall policies and firewall rules

• All the electronic devices that are connected to the company’s network should have an appropriate
  network firewall installed, updated and enabled.
• All modifications to a network firewall and its configuration are prohibited unless and until
  approved by the Firewall administrator.
• A Host Firewall is recommended for any individual Host with access to the Internet.
• Without a properly signed Risk Acceptance Agreement, no one is permitted to manage a network
  Firewall Ruleset.
• The firewall should only permit appropriate source and destination IP addresses to be used.
• Outbound traffic with invalid source addresses should be blocked.
• Traffic with an invalid source address for incoming traffic or destination address for outgoing traffic
  should be blocked.

5. IDS/IPS policies

• Any suspected or confirmed incident of any type of intrusion must be reported immediately to the
  company’s administration.
• Auditing of all types of application and accounting software should be enabled at all times on
  all host and server systems.
• Logs of all the devices must be monitored and reviewed.
• Monitor both host and network based IDS/IPS systems regularly.

6. Security policies

1. Wireless communication policy


The policy is designed to secure and protect the information and data of the company while electronic
devices are connected to the wireless network of the company. Some of the rules of this policy are:

• All devices connecting to the network should meet the specified standards.
• The hardware address (MAC address) should be registered and accessible to the
  administrator (SANS, 2018).

2. Router and switch security policy

All routers and switches should meet the minimum security requirements as described by the company’s
IT administrator during the network design.

• Various features should be restricted across the network, i.e. UDP and TCP small services, IP
  directed broadcasts, web services on the router, etc.
• The credentials of the router and switch should be kept in an encrypted form.
• The routers must be updated regularly in a secure manner (SANS, 2018).

3. Database credentials policy

Programs should be authenticated to access the internal database servers by giving the appropriate
credentials of that database. Therefore, the credentials (username and password) of all the databases
should be stored in a secure manner.

• There should be a separate file for the database usernames and passwords. The file should not be
  readable or writable and the credentials should be in encrypted form.
• Different software/programs should have different credentials to access the database
  (SANS, 2018).

4. Server Audit policy


The purpose of this policy is to ensure that all the servers deployed on the company’s network comply
with the security policies.

• The system logs should be sent to a central log review system.
• The actions of all employees, including administrators, should be logged.
• Use of a central patch deployment system is necessary.
• All the security control software (anti-virus, anti-malware, firewall) should be installed and updated
  (SANS, 2018).

5. Password protection policy

This policy is designed to encourage employees to create strong passwords and, in order to protect them,
to change them regularly.

• All passwords should have a combination of letters, numbers, etc. as specified by the company’s
  password creation guideline.
• All employees should change their password every 2 to 3 months.
• The system will not accept any password used within the past year (SANS, 2018).

6. Password construction guidelines

This policy deals with the requirements for password creation.

• There should be at least 8 characters in the password.
• There should be at least one number in the password.
• It should be a combination of lowercase and uppercase letters.
• It should contain at least one special character (&^@_) (SANS, 2018).

7. Email policy
This policy sets out the limited use of the ‘Lucent Pharma’ email system and alerts users to use the
email system appropriately.

• The ‘Lucent Pharma’ account must be used for business related purposes; personal use is restricted.
• All emails and attached documents must be protected.
• There is no privacy on the company’s email account from the company’s email system (SANS, 2018).

8. VPN Policy
This policy outlines all the requirements and restrictions with regard to VPN.

• All other traffic will be dropped while VPN traffic passes through the VPN tunnel.
• Employees with VPN rights are responsible for making sure that unauthorized users cannot use the
  company’s networks (SANS, 2018).
• Only one connection is allowed at one time; split tunneling is not allowed.
• All computers connected to the company’s network through VPN must have updated antivirus
  software.

9. Wireless LAN policy

These rules describe how wireless local area networks should be created and used on the
company’s network, so that the company is secure from any malicious activities.

• No WLAN should be created without the permission of, registration with, or consultation with the IT
  department.
• There should not be any attempts to access a restricted WLAN. If you think you are required to access
  a certain WLAN, then you should contact the IT department.
• There should not be any WLAN created in the organization that cannot be monitored or accessed by the
  IT department (SANS, 2018).

10. BYOD Policy

This policy sets the rules for the way employees should use their personal devices on the
company’s network.

• There should be no personal communication or recreation, such as reading, gaming, etc., through the
  company’s network.
• The use of social media apps (Facebook, Instagram) and other messengers on the company’s network
  is prohibited.
• Employees may use their mobile device to access the following company-owned resources: email,
  calendars, contacts, documents, etc. (SANS, 2018).

7. Proposed Secure Network Design


The proposed network diagram is given in the appendices. Some of the devices and controls that are added
to the system, and their relative positions in the network, are as follows:
1) A firewall and proxy server are installed between the internet and the router.
2) A honeypot is placed in the DMZ between the internet and the router.
3) IPS/IDS is placed inline with all the switches present in the system.
4) The router is replaced with a packet filtering router.
5) The encryption method is changed from WEP to WPA2+AES.
6) All the departments have different VLANs, and all the servers are combined into a VLAN as
well.

NMAP AND WIRESHARK TOOL RESULTS

1. NMAP Scan
In this part, we scan the server scanme.nmap.org using the tool ‘Nmap’. The command used for this port scan
is “nmap scanme.nmap.org”. Screenshots of the results are given in the appendices of the report.
The result is as follows:

Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-22 23:55 AUS Eastern Standard Time
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.17s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 9.49 seconds
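
A scan result like this is most useful when it is compared against what the host is supposed to expose. The following added example (not part of the original report) parses the output shown above into structured records and compares it with a baseline; the baseline of 22/tcp and 80/tcp is a hypothetical allow-list chosen for illustration.

```python
import re

# Scan output as shown in the report above.
SCAN_OUTPUT = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-22 23:55 AUS Eastern Standard Time
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.17s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 9.49 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?")
HIDDEN_RE = re.compile(r"^Not shown: (\d+) (\S+)")
PORT_RE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")


def parse_nmap(text):
    """Turn Nmap's normal (human-readable) output into a dictionary."""
    report = {"host": None, "ip": None, "not_shown": 0,
              "not_shown_state": None, "ports": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            report["host"] = m.group(1)
            report["ip"] = m.group(2) or m.group(1)  # no hostname: target is the IP
            continue
        m = HIDDEN_RE.match(line)
        if m:
            report["not_shown"] = int(m.group(1))
            report["not_shown_state"] = m.group(2)
            continue
        m = PORT_RE.match(line)
        if m:
            report["ports"].append({"port": int(m.group(1)), "proto": m.group(2),
                                    "state": m.group(3), "service": m.group(4)})
    return report


def compare_to_baseline(report, allowed):
    """Compare open ports against an allow-list of (port, proto) pairs."""
    open_ports = {(p["port"], p["proto"]): p["service"]
                  for p in report["ports"] if p["state"] == "open"}
    return {
        "unexpected_open": sorted((port, svc) for (port, proto), svc in open_ports.items()
                                  if (port, proto) not in allowed),
        "missing": sorted(port for (port, proto) in allowed
                          if (port, proto) not in open_ports),
        "filtered": sorted(p["port"] for p in report["ports"] if p["state"] == "filtered"),
        # Listed ports plus hidden ones: a default scan covers 1000 TCP ports.
        "ports_accounted_for": len(report["ports"]) + report["not_shown"],
    }


# Hypothetical baseline: only SSH and HTTP are expected on this host.
BASELINE = {(22, "tcp"), (80, "tcp")}

if __name__ == "__main__":
    result = compare_to_baseline(parse_nmap(SCAN_OUTPUT), BASELINE)
    for key, value in result.items():
        print(key, value)
```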

2. Recording Traffic using Wireshark


In this part, we record the traffic of the server scanme.nmap.org using the tool Wireshark. To do this, we
run Wireshark and apply the filter ‘ip.addr == 45.33.32.156’. The IP address 45.33.32.156 is the
IP address of scanme.nmap.org. Now, on clicking start, Wireshark should only capture the traffic
associated with this IP address. Since there is no scan going on at that point, Wireshark should not show
any traffic. Now we scan the web server scanme.nmap.org using the Nmap tool. As the scan starts,
Wireshark shows the traffic of the scan.
A sample of the results is shown below in the form of a screenshot.

3. Different Type of scans
All the screenshots of the different types of scans conducted are given at the end of the report in the
appendices section.

A. Type of scan: TCP SYN
   Command: nmap -sS scanme.nmap.org
   Arguments: -sS
   Description of argument: stealth scanning
   Discussion: This technique is often referred to as half-open scanning, because you don't open a full
   TCP connection. You send a SYN packet, as if you are going to open a real connection, and then wait
   for a response.

B. Type of scan: OS and Version detection
   Command: nmap -sV -O scanme.nmap.org
   Arguments: -sV -O
   Description of argument: sV = service version; -O = Enable OS detection, version
   Discussion: The -sV option enables version detection, and the -O option enables both OS
   fingerprinting and version detection, as well.

C. Type of scan: Quick
   Command: nmap -T4 -F scanme.nmap.org
   Arguments: -T4 -F
   Description of argument: T4 = a timing option; F = Fast mode
   Discussion: T4 prohibits the dynamic scan delay from exceeding 10 ms for TCP ports.

D. Type of scan: Single port
   Command: nmap -p 22 scanme.nmap.org
   Arguments: -p
   Description of argument: P = port
   Discussion: The argument ‘p’ allows you to select the port; the numbers next to it specify the ports
   you want to scan. It can be a single port or a range of ports.

E. Type of scan: Range of ports
   Command: nmap -p 22-88 scanme.nmap.org
   Arguments: -p
   Description of argument: P = port
   Discussion: The argument ‘p’ allows you to select the port; the numbers next to it specify the ports
   you want to scan. It can be a single port or a range of ports.

F. Type of scan: All ports
   Command: nmap -p- scanme.nmap.org
   Arguments: -p
   Description of argument: P = ports
   Discussion: The dash after p tells Nmap to scan all the ports.
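
The half-open pattern described for scan A is also what an IDS sensor looks for. The following added example (not part of the original report) runs a simple detection over constructed packet records: a source is flagged when it sends SYNs to several ports of one target and never completes a handshake. The addresses are documentation ranges, and the threshold of four ports is an assumption for illustration.

```python
from collections import defaultdict


def find_half_open_scanners(packets, min_ports=4):
    """Flag (source, target) pairs that probe many ports without finishing a handshake.

    packets: (src, dst, sport, dport, flags) tuples in capture order, where flags is a
    string of TCP flag letters, e.g. "S", "SA", "A", "R", "RA".
    """
    state = {}  # (client, server, client_port, server_port) -> handshake state
    for src, dst, sport, dport, flags in packets:
        f = set(flags)
        fwd = (src, dst, sport, dport)   # key if this packet comes from the client
        rev = (dst, src, dport, sport)   # key if this packet comes from the server
        if f == {"S"}:
            state[fwd] = "syn_sent"
        elif f == {"S", "A"} and state.get(rev) == "syn_sent":
            state[rev] = "syn_ack_seen"          # port is open
        elif "R" in f and state.get(rev) == "syn_sent":
            state[rev] = "refused"               # port is closed
        elif f == {"A"} and state.get(fwd) == "syn_ack_seen":
            state[fwd] = "established"           # normal three-way handshake
        elif "R" in f and state.get(fwd) == "syn_ack_seen":
            state[fwd] = "half_open"             # client reset instead of ACK

    pairs = defaultdict(lambda: {"ports": set(), "half_open": set(), "established": 0})
    for (client, server, _cport, svc_port), st in state.items():
        rec = pairs[(client, server)]
        rec["ports"].add(svc_port)
        if st == "half_open":
            rec["half_open"].add(svc_port)
        elif st == "established":
            rec["established"] += 1

    findings = []
    for (client, server), rec in sorted(pairs.items()):
        if len(rec["ports"]) >= min_ports and rec["established"] == 0:
            findings.append({"source": client, "target": server,
                             "ports_probed": sorted(rec["ports"]),
                             "half_open_ports": sorted(rec["half_open"])})
    return findings


# Constructed packet records (documentation address ranges, not real hosts).
SCANNER, TARGET, CLIENT = "203.0.113.5", "198.51.100.10", "192.0.2.20"
SAMPLE_PACKETS = [
    (SCANNER, TARGET, 40001, 22, "S"), (TARGET, SCANNER, 22, 40001, "SA"),
    (SCANNER, TARGET, 40001, 22, "R"),                       # open port, reset sent
    (SCANNER, TARGET, 40002, 80, "S"), (TARGET, SCANNER, 80, 40002, "SA"),
    (SCANNER, TARGET, 40002, 80, "R"),
    (SCANNER, TARGET, 40003, 443, "S"), (TARGET, SCANNER, 443, 40003, "RA"),    # closed
    (SCANNER, TARGET, 40004, 3306, "S"), (TARGET, SCANNER, 3306, 40004, "RA"),  # closed
    (SCANNER, TARGET, 40005, 8080, "S"),                     # filtered, no reply
    (CLIENT, TARGET, 51000, 80, "S"), (TARGET, CLIENT, 80, 51000, "SA"),
    (CLIENT, TARGET, 51000, 80, "A"),                        # ordinary web client
]

if __name__ == "__main__":
    for finding in find_half_open_scanners(SAMPLE_PACKETS):
        print(finding)
```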

4. Analyzing different Type of scans

A. Commands used
   TCP SYN: nmap -sS scanme.nmap.org
   OS and Version detection: nmap -sV -O scanme.nmap.org
   Quick: nmap -T4 -F scanme.nmap.org
   Single port: nmap -p 22 scanme.nmap.org
   Range of ports: nmap -p 22-88 scanme.nmap.org
   All ports: nmap -p- scanme.nmap.org

B. IP address of the target server: 45.33.32.156

C. Open ports
   22, Secure Shell (SSH): Port 22 is designed for gaining access to a remote computer to conduct
   various activities. Files can also be transferred on this port using File Transfer protocol
   (Touch et al., 2013).
   80, HTTP: Port 80 is designated for HTTP (Hypertext Transfer Protocol), through which the network can
   communicate with the internet. All the data of webpages is sent and received through port 80.
   9929, N/A: Port 9929 uses TCP (Transmission Control Protocol). There is no specific purpose of this
   port. However, delivery of packets is assured if it is running on TCP; if it is running on UDP,
   delivery of packets is not assured.
   31337, Back Orifice: This port is used over TCP/UDP by the Back Orifice service. Many Trojans, back
   fires and Baron night can be executed on this port. Hackers usually use this port for malicious
   activities.

5. Different types of filters used in Wireshark

a) Only http traffic


To display only the http traffic of the web server scanme.nmap.org, we use the combination of the filters
‘http’ and ip.addr. In the display filter we typed “ip.addr == 45.33.32.156 && http”. The ip.addr filter
is responsible for showing just the traffic from the scanme.nmap.org server and the http filter is
responsible for showing just the http traffic. Results are shown in the appendices.

b) Exclude http traffic


To exclude the http traffic of the web server scanme.nmap.org, we use the combination of the filters
‘not(http)’ and ip.addr. In the display filter we typed “ip.addr == 45.33.32.156 && not(http)”. The
ip.addr filter is responsible for showing just the traffic from the scanme.nmap.org server and the
not(http) filter is responsible for not showing the http traffic. Results are shown in the appendices.

c) Display and capture filter


A capture filter is used to select which packets should be saved to disk while capturing. The things that
can be filtered on are predefined and limited (compared to display filters), as full dissection has not
been done on the packets. Display filters are used to change the view of a capture file. They take
advantage of the full dissection of all packets.

CONCLUSION
In this report, we were able to identify the vulnerabilities present in the Lucent Pharma network and add
security controls and devices such as a firewall, IPS/IDS, etc. to the network. We proposed a new design
and policies for the company. Additionally, we were able to successfully conduct various types of scans on
the web server scanme.nmap.org and to capture the traffic of the scans in Wireshark. We also analyzed the
traffic using different types of filters. In short, all of these tasks helped us enhance our knowledge of
network security, cyber security and the efficient design of a network.

REFERENCES

Alperen, M. J. (2011). Cyber Security. Hoboken, NJ, USA: John Wiley & Sons, Inc.
Beale, J., Baker, A. R., Esler, J., Kohlenberg, T., & Northcutt, S. (2007).
Snort: IDS and IPS Toolkit: Syngress.
Beyah, R., Kangude, S., Yu, G., Strickland, B., & Copeland, J. (2004).
Rogue access point detection using temporal traffic characteristics.
Paper presented at the Global Telecommunications Conference,
2004. GLOBECOM'04. IEEE.
Hoffman, C. (2010). Vulnerabilities in WEP.
Indiana University. (2018). What is a firewall? Retrieved from
https://kb.iu.edu/d/aoru
Jackson, G. S. (2014). What Are the Benefits of Segmentation on a
Network? AZ Central.
Juniper Networks. (2018). What is IDS and IPS? Retrieved from
https://www.juniper.net/us/en/products-services/what-is/ids-ips/
King, N. J., & Raja, V. (2012). Protecting the privacy and security of
sensitive customer data in the cloud. Computer Law & Security
Review, 28(3), 308-319.
Lashkari, A. H., Danesh, M. M. S., & Samadi, B. (2009). A survey on
wireless security protocols (WEP, WPA and WPA2/802.11 i). Paper
presented at the Computer Science and Information Technology,
2009. ICCSIT 2009. 2nd IEEE International Conference on.
Lui, S. (2016). The Dos And Don'ts Of Running Security Honeypots In
Your Organisation. Life Hacker.
Luotonen, A. (1998). Web proxy servers: Prentice-Hall, Inc.
Panda Security. (2018). What is the difference between a hardware
firewall and a software firewall? Retrieved from
https://www.pandasecurity.com/usa/support/card?Id=31435
Pappas, N. (2008). Network IDS & IPS Deployment Strategies. SANS
Institute InfoSec Reading Room.
SANS. (2018). Information Security Policy Templates. Retrieved from
https://www.sans.org/security-resources/policies
Touch, J., Kojo, M., Lear, E., Mankin, A., Ono, K., Stiemerling, M., &
Eggert, L. (2013). Service name and transport protocol port number
registry. The Internet Assigned Numbers Authority (IANA).
Verma, A. (2003). Production Honeypots: An Organization’s view. SANS,
vol. NA, no. NA, 1-30.
APPENDICES
A.1) Network Diagram
B.1) Screenshot of port scanning of web server scanme.nmap.org

B.2) Screenshot of wireshark, capturing traffic of port scanning

B.3) Screenshot of different Types of scan

1) TCP/SYN SCAN
2) OS detection and version detection

3) Quick Scan

4) Scan single port


5) Scan Multiple Ports

6) Scan All Ports

B.4) Screenshot of different filters used in wireshark


1) Http traffic only

2) Traffic excluding HTTP
