Computer Science Assignment 3


Assignment3_MMIS653_Fall23.pdf

Assignment#3 MMIS 653 (Fall 2023)

Total points: 70

Due date: 10/13/2023 11:59PM

1, Define and contrast the following terms: subnet, prefix, and BGP route. (6 points)

2, Consider a datagram network using 16-bit host addresses. Suppose a router uses longest prefix matching and has the following forwarding table:

-----------------------------------------------
Prefix Match        Interface
-----------------------------------------------
1                   0
11                  1
111                 2
Otherwise           3
-----------------------------------------------

For each of the following 5 host addresses, give the matched interface # using the above forwarding table. (10 points)

11100000 10111111
10110000 10111111
11010000 10111111
01110000 10111111
10000000 10111111

3, How big is the MAC address space? The IPv4 address space? The IPv6 address space? Note: The size of an address space is the maximum number of different addresses it can have. (3 points)

4, In CSMA/CD, after the 5th collision, what is the probability that a node chooses K=4? The result K=4 corresponds to a delay of how many seconds on a 100 Mbps Ethernet? (5 points)

5, List the serious security flaws of Wired Equivalent Privacy (WEP) for 802.11 wireless networks. How are those security flaws addressed by WiFi Protected Access (WPA)? (6 points)

6, Describe IPsec and how it can be used to create virtual private networks (VPNs). (6 points)

7, What is the difference between a permanent address and a care-of address? Who assigns a care-of address? (4 points)

8, Identify and describe at least three common network vulnerabilities. (6 points)

9, What is an important difference between a symmetric key system and a public key system? (5 points)

10, True or False, explain why? (4 points)

a, Ethernet and 802.11 use the same frame structure.

b, The addresses in an Ethernet frame header are IP addresses.

11, Complete the Wireshark Lab: SSL. The answers to all the questions in the lab are posted in Canvas. Follow all the steps in the lab and try to answer all the questions. Then check your answers using the solution file provided. There is no need to submit your answers to me for grading. You only need to submit a screenshot to show me that you opened the trace file and did the lab. (6 points)

Note: The files for the Wireshark Lab and the solutions are provided separately.

• Wireshark_SSL_v8.0.pdf

• Wireshark_SSL_SOLUTION_v8.0.pdf

12, Conduct a survey on routing protocols, select one protocol and discuss how it works, identify its advantages and disadvantages. The length of your review should be no more than 2 pages in length. Please use APA (American Psychological Association) style for in-text citations and references (https://owl.english.purdue.edu/owl/resource/560/01/). The rubric I use for grading your review is attached for your reference. (9 points)

Criteria, with the description for each score (3, 2, 1, 0 points):

Identify the literature in the field of network routing
  3: 5 or more related references are identified
  2: 3-4 related references are identified
  1: 1-2 related references are identified
  0: No reference is identified

Summarize the advantages and disadvantages of the chosen routing protocol
  3: Be able to summarize 3 or more advantages and 3 or more disadvantages
  2: Be able to summarize 1 or 2 advantages and 1 or 2 disadvantages
  1: Be able to summarize some advantages or disadvantages but not both
  0: Not able to summarize any advantages and disadvantages

Synthesize scholarly literature relating to network routing
  3: Several detailed conclusions are reached from the literature
  2: Some detailed conclusions are reached from the literature
  1: A conclusion is reached from the literature
  0: No conclusion is reached from the literature

Wireshark_SSL_v8.01.pdf

Wireshark Lab: SSL v8.0

Supplement to Computer Networking: A Top-Down Approach, 8th ed., J.F. Kurose and K.W. Ross

“Tell me and I forget. Show me and I remember. Involve me and I understand.” Chinese proverb

© 2005-2020, J.F Kurose and K.W. Ross, All Rights Reserved

In this lab, we’ll investigate the Secure Sockets Layer (SSL) protocol, focusing on the SSL records sent over a TCP connection. We’ll do so by analyzing a trace of the SSL records sent between your host and an e-commerce server. We’ll investigate the various SSL record types as well as the fields in the SSL messages. You may want to review Section 8.6 in the text [1]. We are currently developing a Wireshark Lab that will cover TLS – whose treatment in the 8th edition of our text replaces the coverage of SSL.

[1] References to figures and sections for this SSL lab are for the 7th edition of our text, Computer Networks, A Top-down Approach, 7th ed., J.F. Kurose and K.W. Ross, Addison-Wesley/Pearson, 2016.

1. Capturing packets in an SSL session

The first step is to capture the packets in an SSL session. To do this, you should go to your favorite e-commerce site and begin the process of purchasing an item (but terminating before making the actual purchase!). After capturing the packets with Wireshark, you should set the filter so that it displays only the Ethernet frames that contain SSL records sent from and received by your host. (An SSL record is the same thing as an SSL message.) You should obtain something like the screenshot on the previous page. If you have difficulty creating a trace, you should download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the ssl-ethereal-trace-1 packet trace.

2. A look at the captured trace

Your Wireshark GUI should be displaying only the Ethernet frames that have SSL records. It is important to keep in mind that an Ethernet frame may contain one or more SSL records. (This is very different from HTTP, for which each frame contains either one complete HTTP message or a portion of an HTTP message.) Also, an SSL record may not completely fit into an Ethernet frame, in which case multiple frames will be needed to carry the record.

Whenever possible, when answering a question below, you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. Annotate the printout [2] to explain your answer. To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.

[2] What do we mean by “annotate”? If you hand in a paper copy, please highlight where in the printout you’ve found the answer and add some text (preferably with a colored pen) noting what you found in what you’ve highlighted. If you hand in an electronic copy, it would be great if you could also highlight and annotate.

1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server), determine the number of SSL records that are included in the frame, and list the SSL record types that are included in the frame. Draw a timing diagram between client and server, with one arrow for each SSL record.

2. Each of the SSL records begins with the same three fields (with possibly different values). One of these fields is “content type” and has a length of one byte. List all three fields and their lengths.

ClientHello Record:

3. Expand the ClientHello record. (If your trace contains multiple ClientHello records, expand the frame that contains the first one.) What is the value of the content type?

4. Does the ClientHello record contain a nonce (also known as a “challenge”)? If so, what is the value of the challenge in hexadecimal notation?

5. Does the ClientHello record advertise the cipher suites it supports? If so, in the first listed suite, what are the public-key algorithm, the symmetric-key algorithm, and the hash algorithm?

ServerHello Record:

6. Locate the ServerHello SSL record. Does this record specify a chosen cipher suite? What are the algorithms in the chosen cipher suite?

7. Does this record include a nonce? If so, how long is it? What is the purpose of the client and server nonces in SSL?

8. Does this record include a session ID? What is the purpose of the session ID?

9. Does this record contain a certificate, or is the certificate included in a separate record? Does the certificate fit into a single Ethernet frame?

Client Key Exchange Record:

10. Locate the client key exchange record. Does this record contain a pre-master secret? What is this secret used for? Is the secret encrypted? If so, how? How long is the encrypted secret?

Change Cipher Spec Record (sent by client) and Encrypted Handshake Record:

11. What is the purpose of the Change Cipher Spec record? How many bytes is the record in your trace?

12. In the encrypted handshake record, what is being encrypted? How?

13. Does the server also send a change cipher record and an encrypted handshake record to the client? How are those records different from those sent by the client?

Application Data

14. How is the application data being encrypted? Do the records containing application data include a MAC? Does Wireshark distinguish between the encrypted application data and the MAC?

15. Comment on and explain anything else that you found interesting in the trace.

Wireshark_SSL_SOLUTION_v8.0.pdf

Wireshark Lab: SSL v8.0 SOLUTIONS

Supplement to Computer Networking: A Top-Down Approach, 8th ed., J.F. Kurose and K.W. Ross


A Look at the Captured Trace:

[Figure: Captured SSL Packets]

1. Details of the first 8 captured Ethernet frames (SSL) are listed in the following table:

Frame # in Ethereal  Frame #  Source          Destination     # of SSL Records  List of SSL Records
215                  1        192.168.1.104   72.246.122.125  1                 Client Hello
217                  2        72.246.122.125  192.168.1.104   3                 Server Hello; Certificate; Server Hello Done
218                  3        192.168.1.104   72.246.122.125  3                 Client Key Exchange; Change Cipher spec; Encrypted Handshake msg
219                  4        72.246.122.125  192.168.1.104   2                 Change Cipher spec; Encrypted Handshake msg
221                  5        192.168.1.104   72.246.122.125  1                 Application Data
224                  6        72.246.122.125  192.168.1.104   1                 Application Data
225                  7        72.246.122.125  192.168.1.104   1                 Application Data
227                  8        72.246.122.125  192.168.1.104   1                 Application Data

Table: Details of the first 8 Ethernet Frames for SSL

[Figure: Timing Diagram of the SSL Session]

2. Each SSL record begins with the same three fields (content type, version, and length). The values for each SSL record type are listed as follows:

Frame #  SSL Record Type          Content Type           Version           Length
1        Client Hello             Handshake (22)         TLS 1.0 (0x0301)  103
2        Server Hello             Handshake (22)         TLS 1.0 (0x0301)  74
         Certificate              Handshake (22)         TLS 1.0 (0x0301)  989
         Server Hello Done        Handshake (22)         TLS 1.0 (0x0301)  4
3        Client Key Exchange      Handshake (22)         TLS 1.0 (0x0301)  134
         Change Cipher spec       ChangeCipherSpec (20)  TLS 1.0 (0x0301)  1
         Encrypted Handshake msg  Handshake (22)         TLS 1.0 (0x0301)  48
4        Change Cipher spec       ChangeCipherSpec (20)  TLS 1.0 (0x0301)  1
         Encrypted Handshake msg  Handshake (22)         TLS 1.0 (0x0301)  48
5        Application Data         Application Data (23)  TLS 1.0 (0x0301)  1552
6        Application Data         Application Data (23)  TLS 1.0 (0x0301)  912
7        Application Data         Application Data (23)  TLS 1.0 (0x0301)  32
8        Application Data         Application Data (23)  TLS 1.0 (0x0301)  32
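The three-field header is what lets a reader of the byte stream find record boundaries when one frame carries several records or a record spans frames. The following Python sketch is an added example, not part of the lab or its solutions; the class and function names are hypothetical, and the sample bytes are constructed from the record lengths listed for frame 2 in the table, with zero-filled bodies.

```python
import struct

# Record header per the table above: content type (1 byte), version (2), length (2).
HEADER = struct.Struct("!BHH")
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                 22: "Handshake", 23: "Application Data"}
MAX_LEN = 2**14 + 2048  # largest ciphertext fragment a TLS 1.0 record may carry


def make_record(content_type, length, version=0x0301):
    """Constructed sample: a real 5-byte header followed by a zero-filled body."""
    return HEADER.pack(content_type, version, length) + bytes(length)


class RecordReassembler:
    """Splits a TCP byte stream into records, buffering any partial record."""

    def __init__(self):
        self.buf = b""

    def feed(self, segment):
        self.buf += segment
        records = []
        while len(self.buf) >= HEADER.size:
            ctype, version, length = HEADER.unpack_from(self.buf)
            if ctype not in CONTENT_TYPES or length > MAX_LEN:
                raise ValueError("not an SSL/TLS record header")
            end = HEADER.size + length
            if len(self.buf) < end:
                break  # the record continues in a later segment
            records.append((CONTENT_TYPES[ctype], version, length))
            self.buf = self.buf[end:]
        return records


def demo():
    # Server flight from frame 2 of the table, cut after 600 bytes as if the
    # Certificate record had been split across two TCP segments (constructed).
    stream = make_record(22, 74) + make_record(22, 989) + make_record(22, 4)
    r = RecordReassembler()
    return r.feed(stream[:600]), r.feed(stream[600:]), len(r.buf)


if __name__ == "__main__":
    print(demo())
```

The header is always sent in the clear, which is why the Encrypted Handshake record in the table still shows content type Handshake (22) even though its body can no longer be parsed.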

Client Hello Record

[Figure: Expanded Client Hello Record]

3. The value of the content type is Handshake (22) because this is a handshake message type (as shown above).

4. Yes, the Client Hello record contains a challenge and its value in HEX is 0xC074B51864D5EE04F9B547DFF3664597

5. Yes, the Client Hello record advertises the cipher suite it supports, as shown below.

[Figure: Client Hello Record’s Cipher specs]

The first listed TLS (SSLv3) cipher spec (highlighted above) is: DHE and RSA (public-key algorithms) with 256-bit CBC AES (symmetric-key) with SHA (hash algorithm).

Server Hello Record

[Figure: Expanded Server Hello Record]

6. Yes, this record specifies a cipher suite. The chosen suite is TLS_RSA_WITH_AES_256_CBC_SHA (0x0035). In other words, RSA (public-key), 256-bit CBC AES (symmetric) and SHA (hash algorithm) are chosen.

7. Yes, this record includes a nonce, also known as Random.bytes, and it is 28 bytes long (as highlighted above). The purpose of the client and server nonces in SSL is to prevent an attacker from replaying or reordering records.

8. Yes, this record includes a Session ID which is 32 bytes long. Its purpose is to allow session resumption, which can significantly reduce the number of time-consuming server handshakes needed to create a new session ID. In the Client Hello record, a nonzero session ID means that the client wishes to resume its previously established session; and a zero session ID means that the client wishes to establish a new session with the server.

9. Yes, this record contains a certificate. The certificate is 982 bytes long, thus it can fit into a single Ethernet frame.

[Figure: Expanded Server Hello Record (2)]

Client Key Exchange Record

[Figure: Expanded Client Key Exchange Record]

10. Yes, this record contains a pre-master secret (highlighted above). This encrypted pre-master secret is decrypted at the server side and is used to produce a master secret. Then this master secret is used to produce a “key block”, which is then sliced and diced into the client MAC key, server MAC key, client encryption key, server encryption key, client IV and server IV. The secret is encrypted using the server’s public key. The encrypted secret is 130 bytes long.
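The pre-master secret to master secret to key block chain in answer 10 can be carried through in code. This Python sketch is an added example, not part of the lab or its solutions: it implements the TLS 1.0 PRF from RFC 2246 (the version shown in the trace) and slices the key block for the chosen suite TLS_RSA_WITH_AES_256_CBC_SHA. The function names are hypothetical, and the pre-master secret and both Random values are constructed, not taken from the trace.

```python
import hashlib
import hmac


def p_hash(name, secret, seed, n):
    """RFC 2246 P_hash: chained HMACs that expand secret and seed to n bytes."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]


def prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret XOR
    P_SHA-1 keyed with the second half."""
    half = (len(secret) + 1) // 2
    md5 = p_hash("md5", secret[:half], label + seed, n)
    sha = p_hash("sha1", secret[-half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))


# Sizes for TLS_RSA_WITH_AES_256_CBC_SHA: HMAC-SHA1 key, AES-256 key, CBC IV.
MAC_LEN, KEY_LEN, IV_LEN = 20, 32, 16
SLICES = [("client_mac", MAC_LEN), ("server_mac", MAC_LEN),
          ("client_key", KEY_LEN), ("server_key", KEY_LEN),
          ("client_iv", IV_LEN), ("server_iv", IV_LEN)]


def derive_keys(pre_master, client_random, server_random):
    """Pre-master secret -> 48-byte master secret -> key block -> six keys."""
    master = prf(pre_master, b"master secret",
                 client_random + server_random, 48)
    # Note the seed order flips to server_random + client_random here.
    block = prf(master, b"key expansion", server_random + client_random,
                sum(size for _, size in SLICES))
    keys, pos = {}, 0
    for name, size in SLICES:
        keys[name] = block[pos:pos + size]
        pos += size
    return master, keys


# Constructed inputs: a 48-byte pre-master secret (client version 0x0301 plus
# 46 bytes) and 32-byte Random values (4-byte timestamp plus 28 random bytes).
PRE_MASTER = b"\x03\x01" + bytes(46)
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    master, keys = derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, value in keys.items():
        print(f"{name:11s} {len(value):2d} bytes  {value.hex()}")
```

Because both nonces feed every derivation step, a new connection with the same pre-master secret still yields different MAC and encryption keys in each direction.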

Change Cipher Spec and Encrypted Handshake Records

[Figure: Expanded Change Cipher Spec and Encrypted Handshake Records]

11. The purpose of Change Cipher Spec is to indicate a change in encryption and authentication algorithms and to update the cipher suite to be used on this connection. This record is only 1 byte long in my trace.

12. The sender of this Encrypted Handshake record and all handshake messages up to, but not including, this message are encrypted in the record. This information is concatenated and hashed using two hash algorithms, MD5 and SHA. The content of this record is the concatenation of these two hash values. The Encrypted Handshake record is used to verify that the key exchange and authentication processes were successful.

13. Yes, the server also sends its own Change Cipher Spec and Encrypted Handshake records. The only difference is the sender of this record; the sender is now the server while the sender was the client in the previous message.

Application Data Records

[Figure: Expanded Application Data Record]

14. The application data is encrypted using the specified algorithms in the chosen cipher suite; in my case, RSA (public-key), 256-bit CBC AES (symmetric), and SHA (hash algorithm). Yes, the records containing application data include a MAC; however, Ethereal does not distinguish between the encrypted application data and the MAC.