1. In Wireshark, what filter would you use to see only HTTPS/TLS traffic?

tcp.port == 443tcp.port == 80tls.onlyhttps.only

2. What is DNS spoofing in the context of MITM?

Making a victim resolve a domain name to the attacker’s IP so traffic goes to the attacker.Encrypting DNS queries.Blocking all DNS requests.Speeding up DNS resolution.

3. What is an evil twin in Wi‑Fi attacks?

A fake access point with the same name (SSID) as a legitimate one to capture victim traffic.A second router for backup.A type of WPA3 encryption.A tool used only for legal penetration testing.

4. What is the main takeaway of the lab regarding HTTP vs HTTPS and MITM?

HTTP sends data in clear text that anyone on-path can read; HTTPS encrypts data so encryption prevents eavesdropping; MITM relies on weak or unencrypted channels.HTTP and HTTPS are equally secure.MITM only affects HTTPS.Encryption is unnecessary on trusted networks.

5. What is Perfect Forward Secrecy (PFS) in TLS?

Even if the server’s long-term key is later stolen, past sessions cannot be decrypted.A way to make HTTPS faster.A type of firewall rule.A method to cache TLS keys.

Threat Landscape Overview : MITM

1. In Wireshark, what filter would you use to see only HTTPS/TLS traffic?

2. What is DNS spoofing in the context of MITM?

3. What is an evil twin in Wi‑Fi attacks?

4. What is the main takeaway of the lab regarding HTTP vs HTTPS and MITM?

5. What is Perfect Forward Secrecy (PFS) in TLS?