SSL Handshake Analysis using Wireshark

Lab Steps

Starting the Cyber Network Security Lab Exercise

Time Limit: 2h


Secure Sockets Layer (SSL) is a protocol that allows HTTPS web applications to exchange information securely. When accessing an SSL-based website, you should notice that the "http" in the address bar is replaced with "https" and a small padlock is visible in front of the URL. Transport Layer Security (TLS) is very similar to SSL, and it is also known as SSL 3.1.

Wireshark is a network protocol analyser that security professionals can use to filter and search traffic that has been logged using tcpdump or a similar tool, in order to understand it. It has many built-in features that allow for easy data representation and filtering.

You will be analysing a network traffic capture of an SSL handshake and then using a private key to decrypt and extract a file from the capture.

This lab is part of a series on cyber network security.

Learning Objectives

Upon completion of this lab you will be able to:

  • Understand the SSL handshake process at the protocol level and how to extract a file from an SSL conversation using a private key

Intended Audience

This lab is intended for:

  • Cyber and network security specialists


You should possess:

  • A basic understanding of Windows operating system environments


August 24th, 2020 - Added a tip to clarify that newer versions of Wireshark use the heading Transport Layer Security rather than Secure Sockets Layer, which appears in the lab guide

About the Author
Learning paths: 37

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.