SSL Handshake Analysis using Wireshark

Developed with QA

Lab Steps

Starting the Cyber Network Security Lab Exercise

Difficulty: Intermediate
Time Limit: 2h
Students: 9

Description

Secure Sockets Layer (SSL) is a protocol that allows HTTPS web applications to exchange information securely. When accessing an SSL-based website, you should notice that the "http" in the address bar is replaced with "https" and a small padlock is visible in front of the URL. Transport Layer Security (TLS) is very similar to SSL and is also known as SSL 3.1.

Wireshark is a network protocol analyser that security professionals can use to filter and search through traffic that has been logged using tcpdump or a similar tool, in order to understand it. It has many built-in features that allow for easy data representation and filtering.

You will be analysing a network traffic capture of an SSL handshake and then using a private key to decrypt and extract a file from the capture.

This lab is part of a series on cyber network security.

Learning Objectives

Upon completion of this lab you will be able to:

  • Understand the SSL handshake process at the protocol level, and how to extract a file from an SSL conversation using a private key

Intended Audience

This lab is intended for:

  • Cyber and network security specialists

Prerequisites

You should possess:

  • A basic understanding of Windows operating system environments

Updates

August 24th, 2020 - Added a tip to clarify that newer versions of Wireshark use the heading "Transport Layer Security" rather than "Secure Sockets Layer", which appears in the lab guide.

About the Author
Students: 1463
Labs: 19
Courses: 14
Learning paths: 6

QA is the UK's biggest training provider of virtual and online classes in technology, project management and leadership.