SSL Handshake Analysis using Wireshark
Description
Secure Sockets Layer (SSL) is a protocol that allows HTTPS web applications to exchange information securely. When accessing an SSL-based website, you should notice that the "http" in the address bar is replaced with "https" and a small padlock is visible in front of the URL. Transport Layer Security (TLS) is very similar to SSL and is also known as SSL 3.1.
Wireshark is a network protocol analyser that security professionals can use to filter and search through traffic that has been logged using tcpdump or a similar tool, in order to understand it. It has many built-in features that allow for easy data representation and filtering.
You will be analysing a network traffic capture of an SSL handshake and then using a private key to decrypt and extract a file from the capture.
This lab is part of a series on cyber network security.
Learning Objectives
Upon completion of this lab you will be able to:
- Understand the SSL handshake process at the protocol level and how to extract a file from an SSL conversation using a private key
Intended Audience
This lab is intended for:
- Cyber and network security specialists
Prerequisites
You should possess:
- A basic understanding of Windows operating system environments
Updates
August 24th, 2020 - Added a tip to clarify that newer versions of Wireshark use the heading Transport Layer Security rather than Secure Sockets Layer, which appears in the lab guide