1.For each of the first 8 Ethernet frames, specify the source of the frame (client or server),determine the number of SSL records that are included in the frame, and list the SSL record types that are included in the frame. Draw a timing diagram between client and server, with one arrow for each SSL record.
-
Frame number
Source
Number of SSL record
Name of record
1
10.30.52.254
1
Client Hello
2
74.125.236.203
1
Server Hello
3
74.125.236.203
3
Certificate,
Server Key Exchange, Server Hello Done
4
10.30.52.254
3
Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
5
74.125.236.203
3
Encrypted Handshake Message,
Change Cipher Spec, Encrypted Handshake Message
6
10.30.52.254
1
Application Data
7
74.125.236.203
1
Application Data
8
74.125.236.203
1
Application Data
Timing diagram
Screen-shot
2.Each of the SSL records begins with the same three fields (with possibly different values).One of these fields is “content type” and has length of one byte. List all three fields and their lengths.
Three fields in Record protocol are:
Content type - 1 bytes Version - 2 bytes Length - 2 bytes
3.Expand the ClientHello record. (If your trace contains multiple ClientHello records, expand the frame that contains the first one.) What is the value of the content type?
Content Type: Handshake (22)
4.Does the ClientHello record advertise the cipher suites it supports? If so, in the first listed suite, what are the public-key algorithm, the symmetric-key algorithm, and the hash algorithm?
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Public-key algorithm : ECDHE
Symmertic-key algorithm:AES
Hash algorithm:SHA
5.Look to the ServerHello packet. What cipher suite does it choose?
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
6.Does this record include a nonce? If so, how long is it? What is the purpose of the client and server nonces in SSL?
Yes.It contains 28bytes.Used for session communication between unique nodes.
7. Does this record include a session ID? What is the purpose of the session ID?
Yes this record include session ID of length 32 bytes.The purpose of session ID is to keep track of the session between client and server.
8. How many frames does the SSL certificate take to send?
One frame