
tcpdump · Wireshark · Scapy · VMware Workstation Pro 17
This project is the "network layer" counterpart to an earlier password-cracking project. Where that project showed how a stored password can be guessed, this one demonstrates how a password in transit can be read directly if it isn't encrypted.
The goal: capture raw network traffic with the industry's three reference tools (tcpdump, Wireshark, Scapy), read the exact anatomy of a packet, and concretely demonstrate — by intercepting an FTP credential sent in plaintext — why protocols like FTP or Telnet are now considered dangerous in production.
Sniffing never "breaks" encryption: an observer capturing HTTPS or SSH traffic sees unreadable bytes, not content. This project illustrates why widespread TLS adoption has made passive sniffing largely obsolete as a direct threat to content — the real risk today lies in legacy plaintext protocols (FTP, Telnet) and traffic metadata.
