Wireshark Lab: SSL v6.0
Supplement to Computer Networking: A TopDown Approach,
© 200521012, J.F Kurose and K.W. Ross, All Rights Reserved
A Look at the Captured Trace:
Captured SSL Packets
1. Details of the first 8 captured Ethernet frames (SSL) are listed in the following table:
Frame #
Frame
Source
Destination
# of SSL
in Ethereal
#
Records
215
1
192.168.1.104
72.246.122.125
1
217
2
72.246.122.125
192.168.1.104
3
218
3
192.168.1.104
72.246.122.125
3
Change Cipher spec
Encrypted Handshake msg
221
5
192.168.1.104
72.246.122.125
1
Application Data
224
6
72.246.122.125
192.168.1.104
1
Application Data
225
7
72.246.122.125
192.168.1.104
1
Application Data
227
8
72.246.122.125
192.168.1.104
1
Application Data
Details of the first 8 Ethernet Frames for SSL
2. Each SSL record begins with the same three fields (content type, version, and length). The
values for each SSL record type are listed as follow:
Frame #
SSL Record Types
Content Type
Version
Length
1
Client Hello
Handshake (22)
TLS 1.0 (0x0301)
103
2
Server Hello
Handshake (22)
TLS 1.0 (0x0301)
74
Certificate
Handshake (22)
TLS 1.0 (0x0301)
989
3
Client Key Exchange
Handshake (22)
TLS 1.0 (0x0301)
134
Change Cipher spec
ChangeCipherSpec(20)
TLS 1.0 (0x0301)
1
Encrypted Handshake msg
Handshake (22)
TLS 1.0 (0x0301)
48
4
Change Cipher spec
ChangeCipherSpec(20)
TLS 1.0 (0x0301)
Encrypted Handshake msg
Handshake (22)
TLS 1.0 (0x0301)
48
5
Application Data
Application Data (23)
TLS 1.0 (0x0301)
1552
6
Application Data
Application Data (23)
TLS 1.0 (0x0301)
912
8
Application Data
Application Data (23)
TLS 1.0 (0x0301)
Client Hello Record
Expanded Client Hello Record
4. Yes, the Client Hello record contains a challenge and its value in HEX is
0xC074B51864D5EE04F9B547DFF3664597
5. Yes, Client Hello record advertises the cipher suite it supports, as shown below.
Client Hello Record’s Cipher specs
The first listed TLS (SSLv3) cipher spec (highlighted above) is: DHE and RSA (public-key
algorithms) with 256-bit CBC AES (symmetric-key) with SHA (hash algorithm).
Server Hello Record
Expanded Server Hello Record
6. Yes, this record specifies a cipher suite. The chosen suite is
7. Yes, this record includes a nonce, as known as Random.bytes, and it is 28 bytes long (as
8. Yes, this record includes a Session ID which is 32-bytes long. Its purpose is to allow
session resumption, which can significantly reduce the number of time-consuming server
9. Yes, this record contains a certificate. The certificate is 982 bytes long, thus it can fit into
a single Ethernet frame.
Expanded Server Hello Record (2)
Client Key Exchange Record
Expanded Client Key Exchange Record
10. Yes, this record contains a pre-master secret (highlighted above). This encrypted
pre-master secret is decrypted at the server side and is used to produce a master secret.
and serve IV. The secret is encrypted using server’s public key. The encrypted secret is
130-byte long.
Change Cipher Spec and Encrypted Handshake Records
Expanded Change Cipher Spec and Encrypted Handshake Records
11. The purpose of Change Cipher Spec is to indicate change in encryption and authentication
12. The sender of this Encrypted Handshake Records and all handshake messages up to but not
including this message are encrypted in record. This information is concatenated and
13. Yes, the server also sends its own Change Cipher Spec and Encrypted Handshake records.
The only difference is the sender of this record; the sender is now the server while the
Application Data Records
Expanded Application Data Record
14. The application data is encrypted using the specified algorithms in the chosen cipher suite;