Capturing the SSL packets using Wireshark

1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server), determine the number of SSL records that are included in the frame, and list the SSL record types that are included in the frame. Draw a timing diagram between client and server, with one arrow for each SSL record.

| Frame number | Source | Number of SSL records | Name of record |
|---|---|---|---|
| 1 | 10.30.52.254 | 1 | Client Hello |
| 2 | 74.125.236.203 | 1 | Server Hello |
| 3 | 74.125.236.203 | 3 | Certificate, Server Key Exchange, Server Hello Done |
| 4 | 10.30.52.254 | 3 | Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message |
| 5 | 74.125.236.203 | 3 | Encrypted Handshake Message, Change Cipher Spec, Encrypted Handshake Message |
| 6 | 10.30.52.254 | 1 | Application Data |
| 7 | 74.125.236.203 | 1 | Application Data |
| 8 | 74.125.236.203 | 1 | Application Data |

[Image: timing diagram]

[Image: screenshot]

2. Each of the SSL records begins with the same three fields (with possibly different values). One of these fields is “content type” and has length of one byte. List all three fields and their lengths.

The three fields in the Record protocol header are:

Content type - 1 byte
Version - 2 bytes
Length - 2 bytes
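The five-byte header above is all that is needed to split a frame's TCP payload into records, which is how the per-frame record counts in question 1 are obtained. The parser below is an added example, not part of the original lab; the sample bytes are constructed to mimic frame 4, and the version value 3.1 in them is an assumption.

```python
import struct

CONTENT_TYPES = {20: "Change Cipher Spec", 21: "Alert",
                 22: "Handshake", 23: "Application Data"}
HANDSHAKE_TYPES = {1: "Client Hello", 2: "Server Hello", 11: "Certificate",
                   12: "Server Key Exchange", 14: "Server Hello Done",
                   16: "Client Key Exchange"}

def parse_records(payload, encrypted=False):
    """Split one TCP payload into SSL/TLS records.

    Returns (records, leftover). records is a list of (name, version, length);
    leftover holds the bytes of a record that continues in the next segment.
    Pass encrypted=True if Change Cipher Spec was seen in an earlier segment.
    """
    records, offset = [], 0
    while len(payload) - offset >= 5:
        # Header: content type (1 byte), version (2 bytes), length (2 bytes)
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {offset}")
        body = payload[offset + 5 : offset + 5 + length]
        if len(body) < length:
            break  # incomplete record: wait for the next TCP segment
        name = CONTENT_TYPES[ctype]
        if ctype == 22:
            if encrypted:
                # After Change Cipher Spec the handshake body is ciphertext,
                # so the handshake type byte cannot be read.
                name = "Encrypted Handshake Message"
            elif body:
                # Labelled by the first handshake message in the record.
                name = HANDSHAKE_TYPES.get(body[0], "Handshake")
        elif ctype == 20:
            encrypted = True
        records.append((name, f"{major}.{minor}", length))
        offset += 5 + length
    return records, payload[offset:]

# Constructed sample: three records back to back, as in frame 4 of the table.
SAMPLE = bytes.fromhex(
    "1603010006" "10000002aabb"   # Handshake, first message type 16
    "1403010001" "01"             # Change Cipher Spec
    "1603010004" "deadbeef"       # Handshake record with an encrypted body
)

if __name__ == "__main__":
    for record in parse_records(SAMPLE)[0]:
        print(record)
```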

3.Expand the ClientHello record. (If your trace contains multiple ClientHello records, expand the frame that contains the first one.) What is the value of the content type?

Content Type: Handshake (22)

4.Does the ClientHello record advertise the cipher suites it supports? If so, in the first listed suite, what are the public-key algorithm, the symmetric-key algorithm, and the hash algorithm?


Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)

Public-key algorithm: ECDHE

Symmetric-key algorithm: AES

Hash algorithm: SHA

5. Look at the ServerHello packet. What cipher suite does it choose?

Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)

6. Does this record include a nonce? If so, how long is it? What is the purpose of the client and server nonces in SSL?

Yes. It contains 28 bytes. It is used for session communication between unique nodes.

7. Does this record include a session ID? What is the purpose of the session ID?


Yes, this record includes a session ID of length 32 bytes. The purpose of the session ID is to keep track of the session between client and server.

8. How many frames does the SSL certificate take to send?

One frame

Setting up the web server and enabling an HTTPS connection

HTTPS stands for HyperText Transfer Protocol over SSL (Secure Sockets Layer). It encrypts and decrypts user page requests as well as the pages that are returned by the web server.

Steps to set up a web server and enable HTTPS on it

1. Activate the apache2 SSL module.

sudo a2enmod ssl

3. Activate the Apache SSL virtual host.

sudo a2ensite default-ssl

4. Restart the apache2 web server.

sudo /etc/init.d/apache2 restart

5. Create a self-signed SSL certificate.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

The terminal looks like this:

-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:In
State or Province Name (full name) [Some-State]:kerala
Locality Name (eg, city) []:kollam
Organization Name (eg, company) [Internet Widgits Pty Ltd]:amrita
Organizational Unit Name (eg, section) []:csn
Common Name (e.g. server FQDN or YOUR name) []:mtech
Email Address []:chindunair12@gmail.com

6. Set up the certificate.

We need to set up the virtual hosts to display the new certificate.

6.1 Open up the SSL config file:

sudo nano /etc/apache2/sites-available/default

We need to make the following changes.

Change the port on the virtual host to 443, the default SSL port:

<VirtualHost *:443>

Add a line with your server name right below the ServerAdmin email:

ServerName mtech:443

Add the following three lines to the virtual host configuration:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Save and exit out of the file.

7. Activate the new virtual host.

sudo a2ensite default

8. Restart your Apache server.

sudo service apache2 reload

9. Check for HTTPS activation.

Open the web browser and type localhost. You will be connected over a secure HTTP connection, i.e., the browser's address bar displays "https://localhost".

The certificate looks like this:

[Image: Selection_008]