After installing wireshark in your computer, capture the SSL packets and answer the following questions.
1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server),determine the number of SSL records that are included in the frame, and list the SSL record types that are included in the frame. Draw a timing diagram between client and server, with one arrow for each SSL record.
Answer:
Total number of records =11
2. Each of the SSL records begins with the same three fields (with possibly different values).One of these fields is “content type” and has length of one byte. List all three fields and their lengths.
Answer:
Content type : 1 byte
version : 2byte
Length : 2byte
3. Expand the ClientHello record. (If your trace contains multiple ClientHello records, expand the frame that contains the first one.) What is the value of the content type?
Answer:
The value of content type is Handshake(22)
4. Does the ClientHello record advertise the cipher suites it supports? If so, in the first listed suite, what are the public-key algorithm, the symmetric-key algorithm, and the hash algorithm?
Answer:
The client advertise the cipher suites with ECDHE(Elliptic curve Diffe-Hellman) and ECDSA (Elliptic curve Digitial Signature Algorithm) as public key algorithm ,AES as symmetric algorithm and SHA1 as hash algorithm
5. Look to the ServerHello packet. What cipher suite does it choose?
Answer :
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
RSA with SHA is used.
6. Does this record include a nonce? If so, how long is it? What is the purpose of the client and server nonces in SSL?
Answer:
1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server),determine the number of SSL records that are included in the frame, and list the SSL record types that are included in the frame. Draw a timing diagram between client and server, with one arrow for each SSL record.
Answer:
Total number of records =11
2. Each of the SSL records begins with the same three fields (with possibly different values).One of these fields is “content type” and has length of one byte. List all three fields and their lengths.
Answer:
Content type : 1 byte
version : 2byte
Length : 2byte
3. Expand the ClientHello record. (If your trace contains multiple ClientHello records, expand the frame that contains the first one.) What is the value of the content type?
Answer:
The value of content type is Handshake(22)
4. Does the ClientHello record advertise the cipher suites it supports? If so, in the first listed suite, what are the public-key algorithm, the symmetric-key algorithm, and the hash algorithm?
Answer:
5. Look to the ServerHello packet. What cipher suite does it choose?
Answer :
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
RSA with SHA is used.
6. Does this record include a nonce? If so, how long is it? What is the purpose of the client and server nonces in SSL?
Answer:
This record includes a nonce under Random. The length of nonce is 28 bytes . The purpose is to prevent a replay
attack.
7 .Does this record include a session ID? What is the purpose of the session ID?
Answer:
The record includes a session ID. It
provides a unique persistent identifier for the SSL session which is
sent in the clear. The client may resume the same session later by
using the server provided session ID when it sends the ClientHello.
8. How many frames does the SSL certificate take to send?
Answer:
SSL certificate takes 2 frames.
