Secure Sockets Layer (SSL) is a protocol that allows HTTPS web applications to exchange information securely. When accessing an SSL-based website, you should notice that the "http" in the address bar is replaced with "https" and a small padlock is visible in front of the URL. Transport Layer Security (TLS) is very similar to SSL and is also known as SSL3.1.
Wireshark is a network protocol analyser that security professionals can use to filter and search through traffic that has been logged using tcpdump or a similar tool, in order to understand it. It has many built-in features that allow for easy data representation and filtering.
You will be analysing a network traffic capture of an SSL handshake and then using a private key to decrypt and extract a file from the capture.
This lab is part of a series on cyber network security.
Upon completion of this lab you will be able to:
Understand the SSL handshake process at the protocol level and how to extract a file from an SSL conversation using a private key
This lab is intended for:
You should possess:
Updates
August 24th, 2020 - Added a tip to clarify that newer versions of Wireshark use the heading "Transport Layer Security" rather than "Secure Sockets Layer" as it appears in the lab guide.