EEET2424/2427 Computer & Network Security Lab 3: Sniffing and SSL




Aim: In this exercise, you are required to try some information gathering methods. You need to have good background knowledge on the network security protocol SSL for this practice. You can search the Internet for help in answering some of the questions. However, direct cut and paste are not allowed.



Part A:


Intercept user names and passwords in a network connection without security protection.



Assume a hacker has connected his laptop to a hub and has sniffed the network. Example.dat (in libpcap format) is the trace file produced. Answer the following questions referring to the trace file.


1. Name one software which can open the Example.dat.

2. The nodes of the network are connected by hubs. If switches are used instead of the hubs in the network, can the hacker sniff all the nodes? Elaborate your answer.

3. Some services, usernames and passwords can be found out in the trace file. What are they? (Hint: At least 2 usernames and services.) Explain how you find out the usernames and passwords in detail.










Part B:


Explore the SSL/TLS protocol with Wireshark

Modified based on J.F. Kurose, K.W. Ross’s SSL lab.



In this lab, you will investigate the Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocol, focusing on the SSL/TLS records sent over a TCP connection. You will do so by analyzing a trace of the SSL/TLS records sent between your host and a specified SSL-enabled web server. Investigate the various SSL/TLS record types as well as the fields in the SSL/TLS messages.



Use Wireshark and carry out the following activities. Answer the following questions referring to your trace file.

1. Start your sniffing software
2. Open your web browser and visit https://www.rmit.edu.au/students/student-essentials/class-timetables
3. Log in to your account
4. Click on any link as you like
5. Log out
6. Stop your sniffing software







A look at the captured trace



Your Wireshark GUI should be displaying only the Ethernet frames that have SSL/TLS records. It is important to keep in mind that an Ethernet frame may contain one or more SSL/TLS records. (This is very different from HTTP, for which each frame contains either one complete HTTP message or a portion of an HTTP message.) Also, an SSL/TLS record may not completely fit into an Ethernet frame, in which case multiple frames will be needed to carry the record.



4. Find out the protocol name of this SSL/TLS version and the version numbers (major and minor).

5. Locate the packet which contains the certificate of the server. (There is a special name for that packet in the protocol.)

6. For each of the first 8 Ethernet frames, specify the source of the frame (client or server), determine the number of SSL/TLS records that are included in the frame, and list the SSL record types that are included in the frame. Draw a timing diagram between client and server, with one arrow for each SSL record.

7. Each of the SSL/TLS records begins with the same three fields (with possibly different values). One of these fields is “content type” and has a length of one byte. List all three fields and their lengths.



ClientHello Record:



8. Expand the ClientHello record. (If your trace contains multiple ClientHello records, expand the frame that contains the first one.) What is the value of the content type?

9. Does the ClientHello record contain a nonce (also known as a “challenge”)? If so, what is the value of the challenge in hexadecimal notation?

10. Does the ClientHello record advertise the cipher suites it supports? If so, in the first listed suite, what are the public-key algorithm, the symmetric-key algorithm, and the hash algorithm?



ServerHello Record:



11. Locate the ServerHello SSL record. Does this record specify a chosen cipher suite? What are the algorithms in the chosen cipher suite?

12. Does this record include a nonce? If so, how long is it? What is the purpose of the client and server nonces in SSL/TLS?

13. Does this record include a session ID? What is the purpose of the session ID?

14. Does this record contain a certificate, or is the certificate included in a separate record? Does the certificate fit into a single Ethernet frame?



Client Key Exchange Record:



15. Locate the client key exchange record. Does this record contain a pre-master secret? What is this secret used for? Is the secret encrypted? If so, how? How long is the encrypted secret?



Change Cipher Spec Record (sent by client) and Encrypted Handshake Record:



16. What is the purpose of the Change Cipher Spec record? How many bytes is the record in your trace?

17. In the encrypted handshake record, what is being encrypted? How?

18. Does the server also send a change cipher record and an encrypted handshake record to the client? How are those records different from those sent by the client?



Application Data



19. How is the application data being encrypted? Do the records containing application data include a MAC? Does Wireshark distinguish between the encrypted application data and the MAC?
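
The record framing described under "A look at the captured trace" (several records in one frame, one record spread over several frames), as an added example that is not part of the lab handout or the posted answer. The names `parse_records` and `record`, the sample bytes and the 3.1 version value are constructed for illustration; each list element stands for one frame's TCP payload, in order, for one direction of the connection.

```python
import struct

# Record content types and handshake message types (RFC 5246).
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                   14: "ServerHelloDone", 16: "ClientKeyExchange"}
HEADER_LEN = 5                 # content type (1) + version (2) + length (2)
MAX_RECORD = 2**14 + 2048      # largest ciphertext record the RFC allows


def parse_records(segments):
    """Reassemble TLS records from one direction's in-order TCP payloads.
    Returns (records, leftover); record = (segment index, type, version, length, label)."""
    buf, records, encrypted = b"", [], False
    for idx, payload in enumerate(segments):
        buf += payload
        while len(buf) >= HEADER_LEN:
            ctype, major, minor, length = struct.unpack("!BBBH", buf[:HEADER_LEN])
            if ctype not in CONTENT_TYPES or length > MAX_RECORD:
                raise ValueError("not a TLS record header: " + buf[:HEADER_LEN].hex())
            if len(buf) < HEADER_LEN + length:
                break          # record continues in a later segment
            body, buf = buf[HEADER_LEN:HEADER_LEN + length], buf[HEADER_LEN + length:]
            label = None
            if ctype == 20:
                encrypted = True   # later records from this side are protected
            elif ctype == 22 and encrypted:
                label = "Encrypted Handshake Message"
            elif ctype == 22 and body:  # names only the first message in the record
                label = HANDSHAKE_TYPES.get(body[0], "Other")
            records.append((idx, CONTENT_TYPES[ctype], f"{major}.{minor}", length, label))
    return records, len(buf)


def record(ctype, body, version=(3, 1)):  # builds constructed sample records
    return struct.pack("!BBBH", ctype, *version, len(body)) + body


# Constructed server flight: the Certificate record straddles two segments.
stream = (record(22, b"\x02" + bytes(40)) + record(22, b"\x0b" + bytes(1999))
          + record(22, b"\x0e\x00\x00\x00"))
SERVER_SEGMENTS = [stream[:1460], stream[1460:]]
# Constructed client flight: three records inside a single segment.
CLIENT_SEGMENTS = [record(22, b"\x10" + bytes(130)) + record(20, b"\x01")
                   + record(22, bytes(range(40)))]

if __name__ == "__main__":
    for rec in parse_records(SERVER_SEGMENTS)[0] + parse_records(CLIENT_SEGMENTS)[0]:
        print(rec)
```

The segment index in each tuple is the frame in which the record completed, which is the frame Wireshark lists it under after TCP reassembly.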


Answered Same Day, Oct 07, 2021, EEET2424


Amit answered on Oct 10 2021
131 Votes
Title of the assignment: Lab 3
Student’s name:
Student ID:
Professor’s name:
Course title: EEET2424/2427 Computer & Network Security: Sniffing and SSL
Date: 10/10/2019
Table of Contents
1. Part- A
2. Part - B:
3. Answer 4:
4. Answer 5:
5. Answer 6:
6. Answer 7:
7. Answer 8:
8. Answer 9:
9. Answer 10:
10. Answer 11:
11. Answer 12:
12. Answer 13:
13. Answer 14:
14. Answer 15:
15. Answer 16:
16. Answer 17:
17. Answer 18:
18. Answer 19:
19. References:
1. Part- A
As the hacker is already connected to the network through a hub and has already started to sniff the network, it is a very serious issue. The opening of .dat files can be done with different software, and EditPlus 5.2.2434 is one of the best applications to open such files.
Changing to switches in place of hubs will not make any change for the hacker. He / she can easily sniff the network in a continuous manner. The implementation of security services on network devices makes the changes. The hubs and switches are just used to provide user connectivity to the developed network. If the hacker is already connected to the network, which may be through a hub or may be through a switch, then the network sniffing can easily be done by him / her.
The trace file is developed to maintain the trace of all activities performed by any user on the network. There may be different users on the network and they can make use of any number of the services provided to them. A sniffing tool like packet tracer allows the user to obtain the login details for all performed activities. The tracer record provided by these sniffing tools maintains the list of all users and their activities, and the network administrator can easily trace them.
2. Part - B:
The screenshot showing the start of Wireshark as the sniffing application is provided below:
The opened screen in the web browser is shown below:
Now, login, navigation to tabs and links, and logout operations are performed. The resulting trace of packet tracer for these activities is shown below:
3. Answer 4:
The implementation of any SSL or TLS is carried out on the basis of the selected protocol maintaining the transition. This implementation of Wireshark for the selected web page leads to implementation of the SSLV 3 protocol and its version is 3.0.5.
4. Answer 5:
Locating the specific packet maintaining the server certificate is a part of resolved address for the used server. The complete packet set for server entries is shown below:
5. Answer 6:
The developed table showing frame number, their source, total SSL records and types of SSL is provided below:
| Frame number | Source of frame | SSL records | Type of SSL |
|---|---|---|---|
| 106 | Client | 1 | Client Hello |
| 108 | Server | 1 | Server Hello |
| 111 | Server | 2 | Certificate, Server Hello Done |
| 112 | Client | 3 | Client Key Exchange, Change Cipher... |