Networking Wireshark Lab Homework Yes This Record Includes Nonce Known Random bytes

subject Type Homework Help
subject Pages 7
subject Words 861
subject Authors James F. Kurose, Keith W. Ross

Unlock document.

This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
page-pf1
Wireshark Lab: SSL v6.0
Supplement to Computer Networking: A Top-Down Approach,
© 2005-21012, J.F Kurose and K.W. Ross, All Rights Reserved
A Look at the Captured Trace:
Captured SSL Packets
1. Details of the first 8 captured Ethernet frames (SSL) are listed in the following table:
Frame #
Frame
Source
Destination
# of SSL
page-pf2
in Ethereal
#
Records
215
1
192.168.1.104
72.246.122.125
1
217
2
72.246.122.125
192.168.1.104
3
218
3
192.168.1.104
72.246.122.125
3
Details of the first 8 Ethernet Frames for SSL
page-pf3
2. Each SSL record begins with the same three fields (content type, version, and length). The
values for each SSL record type are listed as follow:
Frame #
SSL Record Types
Content Type
Version
Length
1
Client Hello
Handshake (22)
TLS 1.0 (0x0301)
103
2
Server Hello
Handshake (22)
TLS 1.0 (0x0301)
74
3
Client Key Exchange
Handshake (22)
TLS 1.0 (0x0301)
134
Change Cipher spec
ChangeCipherSpec(20)
TLS 1.0 (0x0301)
1
Encrypted Handshake msg
Handshake (22)
TLS 1.0 (0x0301)
48
5
Application Data
Application Data (23)
TLS 1.0 (0x0301)
1552
6
Application Data
Application Data (23)
TLS 1.0 (0x0301)
912
Client Hello Record
Expanded Client Hello Record
4. Yes, the Client Hello record contains a challenge and its value in HEX is
0xC074B51864D5EE04F9B547DFF3664597
5. Yes, Client Hello record advertises the cipher suite it supports, as shown below.
page-pf4
Client Hello Record’s Cipher specs
The first listed TLS (SSLv3) cipher spec (highlighted above) is: DHE and RSA (public-key
algorithms) with 256-bit CBC AES (symmetric-key) with SHA (hash algorithm).
Server Hello Record
Expanded Server Hello Record
6. Yes, this record specifies a cipher suite. The chosen suite is
7. Yes, this record includes a nonce, as known as Random.bytes, and it is 28 bytes long (as
page-pf5
8. Yes, this record includes a Session ID which is 32-bytes long. Its purpose is to allow
session resumption, which can significantly reduce the number of time-consuming server
9. Yes, this record contains a certificate. The certificate is 982 bytes long, thus it can fit into
a single Ethernet frame.
Expanded Server Hello Record (2)
Client Key Exchange Record
Expanded Client Key Exchange Record
10. Yes, this record contains a pre-master secret (highlighted above). This encrypted
pre-master secret is decrypted at the server side and is used to produce a master secret.
page-pf6
and serve IV. The secret is encrypted using server’s public key. The encrypted secret is
130-byte long.
Change Cipher Spec and Encrypted Handshake Records
Expanded Change Cipher Spec and Encrypted Handshake Records
11. The purpose of Change Cipher Spec is to indicate change in encryption and authentication
12. The sender of this Encrypted Handshake Records and all handshake messages up to but not
including this message are encrypted in record. This information is concatenated and
13. Yes, the server also sends its own Change Cipher Spec and Encrypted Handshake records.
The only difference is the sender of this record; the sender is now the server while the
page-pf7
Application Data Records
Expanded Application Data Record
14. The application data is encrypted using the specified algorithms in the chosen cipher suite;

Trusted by Thousands of
Students

Here are what students say about us.

Copyright ©2022 All rights reserved. | CoursePaper is not sponsored or endorsed by any college or university.