SSL Handshake Analysis using Wireshark
Description
Secure Sockets Layer (SSL) is a protocol that allows HTTPS web applications to exchange information securely. When accessing an SSL-based website, you should notice that the "http" in the address bar is replaced with "https" and a small padlock is visible in front of the URL. Transport Layer Security (TLS) is very similar to SSL, and it is also known as SSL 3.1.
Wireshark is a network protocol analyser that security professionals can use to filter and search through traffic that has been logged using tcpdump or a similar tool, in order to understand it. It has many built-in features that allow for easy data representation and filtering.
You will be analysing a network traffic capture of an SSL handshake and then using a private key to decrypt and extract a file from the capture.
This lab is part of a series on cyber network security.
Learning Objectives
Upon completion of this lab you will be able to:
- Understand the SSL handshake process at the protocol level and how to extract a file from an SSL conversation using a private key
Intended Audience
This lab is intended for:
- Cyber and network security specialists
Prerequisites
You should possess:
- A basic understanding of Windows operating system environments
Updates
August 24th, 2020 - Added a tip to clarify that newer versions of Wireshark use the heading Transport Layer Security rather than Secure Sockets Layer, which is the heading that appears in the lab guide.
QA is the UK's biggest training provider of virtual and online classes in technology, project management and leadership.