Secure Sockets Layer (SSL) is a protocol which allows web HTTPS applications to exchange information securely. When accessing an SSL based website you should notice the "http" in the address line is replaced with "https" and a small padlock is visible in front of URL. Transport Layer Security (TLS) is much similar to SSL, and it is also known as SSL3.1.
Wireshark is a network protocol analyser that security professionals can use to filter and search through in order to understand traffic that has been logged using tcpdump or a similar tool. It has lots of features built in to it which allow for easy data representation and filtering.
You will be analysing a network traffic capture of an SSL handshake and then using a private key to decrypt and extract a file from the capture.
This lab is part of a series on cyber network security.
Upon completion of this lab you will be able to:
Understand the SSL handshake process at the protocol level and how to extract a file from an SSL conversation using a private key
This lab is intended for:
You should possess:
Updates
August 24th, 2020 - Added a tip to clarify that newer versions of WireShark use the heading Transport Layer Security rather than Secure Sockets Layer as appears in the lab guide