2014
Lab7
1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server),
determine the number of SSL records that are included in the frame, and list the SSL record
types that are included in the frame. Draw a timing diagram between client and server, with
one arrow for each SSL record.
Answer
Figure 1

| No. | Frame | Source | Destination | SSL Count | SSL Type |
|-----|-------|--------|-------------|-----------|----------|
| 1 | 106 | 128.238.38.162 | 216.75.194.220 | 1 | ClientHello |
| 2 | 108 | 216.75.194.220 | 128.238.38.162 | 1 | ServerHello |
| 3 | 111 | 216.75.194.220 | 128.238.38.162 | 2 | ServerHelloDone |
| 4 | 112 | 128.238.38.162 | 216.75.194.220 | 3 | ClientKeyExchange |
| 5 | 113 | 216.75.194.220 | 128.238.38.162 | 2 | ChangeCipherSpec |
| 6 | 114 | 128.238.38.162 | 216.75.194.220 | 1 | ApplicationData |
| 7 | 122 | 216.75.194.220 | 128.238.38.162 | 1 | ApplicationData |
| 8 | 127 | 216.75.194.220 | 128.238.38.162 | 1 | ApplicationData |
2. Each of the SSL records begins with the same three fields (with possibly different values).
One of these fields is content type and has length of one byte. List all three fields and their
lengths.
Answer
Content Type = 1 byte
Version = 2 bytes
Length = 2 bytes
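The 5-byte header above is enough to count and classify the SSL records carried in one frame, as question 1 asks. The following is an added example, not part of the original lab report: it walks a TCP payload record by record and reports a record that continues in the next segment. The sample bytes and the helper name `record` are constructed for illustration.

```python
import struct

# Record-layer content types defined by SSL 3.0 / TLS.
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                 22: "Handshake", 23: "ApplicationData"}

def parse_records(payload: bytes):
    """Walk a TCP payload and return (records, leftover).

    Each record is described by its content type, version and length.
    `leftover` holds the bytes of a record (or partial header) that
    continues in the next TCP segment.
    """
    records, offset = [], 0
    while offset + 5 <= len(payload):
        # Content Type (1 byte), Version (2 bytes), Length (2 bytes, big-endian)
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {offset}")
        end = offset + 5 + length
        if end > len(payload):
            break  # record body is split across segments
        records.append({"type": CONTENT_TYPES[ctype],
                        "version": (major, minor), "length": length})
        offset = end
    return records, payload[offset:]

def record(ctype: int, body: bytes, version=(3, 0)) -> bytes:
    """Hypothetical helper: build one record for the constructed sample."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body

# Constructed payload (not taken from the trace): three records in one frame,
# a Handshake, a ChangeCipherSpec and a second Handshake record.
SAMPLE = record(22, b"\x10" + bytes(7)) + record(20, b"\x01") + record(22, bytes(12))

if __name__ == "__main__":
    recs, rest = parse_records(SAMPLE)
    for r in recs:
        print(r)
    print("bytes left for next segment:", len(rest))
```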
3. Expand the ClientHello record. (If your trace contains multiple ClientHello records, expand
the frame that contains the first one.) What is the value of the content type?
Answer
The content type is 22
4. Does the ClientHello record contain a nonce (also known as a challenge)? If so, what is the
value of the challenge in hexadecimal notation?
Answer
66df784c048cd60435dc448989469909
Same as above question,
Public key algorithm: RSA
Symmetric key algorithm: RC4
Hash algorithm: MD5
7. Does this record include a nonce? If so, how long is it? What is the purpose of the client and
server nonces in SSL?
Answer
Yes, it is 32 bits long (28 bits data + 4 bits time), it is used for attack prevention.
9. Does this record contain a certificate, or is the certificate included in a separate record?
Does the certificate fit into a single Ethernet frame?
Answer
No, there is no certificate in this record. The certificate is in a separate record. Yes, the
certificate fits into a single Ethernet frame.
10. Locate the client key exchange record. Does this record contain a premaster secret? What
is this secret used for? Is the secret encrypted? If so, how? How long is the encrypted secret?
Answer
Yes, this record contains a premaster secret. The master secret is created using this premaster
secret. The master key is used to create session key. The secret is encrypted by public key, the
encrypted secret is 120 bytes.
11. What is the purpose of the Change Cipher Spec record? How many bytes is the record in
your trace?
Answer
12. In the encrypted handshake record, what is being encrypted? How?
Answer
All handshake messages and MAC addresses are concatenated and encrypted. They are sent to
the server.
13. Does the server also send a change cipher record and an encrypted handshake record to
the client? How are those records different from those sent by the client?
Answer
Yes, the server's encrypted handshake contains all the handshake messages sent from the
server. Other contains messages sent from client.
14. How is the application data being encrypted? Do the records containing application data
include a MAC? Does Wireshark distinguish between the encrypted application data and the
MAC?
Answer
The symmetric encryption algorithm is used to encrypt the application data. Yes, the records
containing application data include a MAC. No, Wireshark did not distinguish between the
encrypted application data and the MAC.
15. Comment on and explain anything else that you found interesting in the trace.
Answer
No more comment, everything as expected.