Please use your own Wireshark tool and answer the following questions. If possible, please mention the steps or pictures on how the questions were answered.
1. What is the MAC address of the server?
2. What is the MAC address of the client?
3. What version of the web server is the server running?
4. Which web browser and what version is the client running?
5. Which cipher suites are supported by the client?
6. Which cipher suite does the server agree upon?
7. How many bytes were able to be decrypted? (Use Follow SSL stream to find out)
8. What is in the "<head>" tag of the client GET request of the client?
9. What port is used by the client to communicate with HTTPS on the server?
10. What is the version of OpenSSL running on the server?
When you click on a packet/frame, the corresponding window highlights:
Here, if you expand the Ethernet section, you will see the source and destination addresses.
1. The destination MAC address is that of the server.
2. The source MAC address is that of the client (the one encircled in red).
3. My browser is running HTTP version 1.1.
The server is also running HTTP version 1.1.
4. GET request your browser does (which means "hello, I want something"). If you have many packets that make it hard to see such requests, you can find them by filtering on "http.request.method==GET".
In the packet list you'll see that the info column says "GET / HTTP/1.1" or "GET / HTTP/1.0".
5. When identifying encryption ciphers supported by the client, the best place is to look for the 'Client Hello' packet. Select this packet, and then expand Secure Sockets Layer > Handshake Protocol: Client Hello > Cipher Suites. The list shown here will be all available ciphers that the client supports.
6. The list of cipher suites supported by the client ordered by the client’s preference. The cipher suite consists of a key exchange algorithm, bulk encryption algorithm, MAC algorithm and a pseudorandom function.
7. it decodes the last couple of bytes I get an error saying malformed packets.
This does not happen when the last possible 11 byte group ends and there are 6 or so bytes left over.
8. HEAD is almost identical to GET, but without the response body. In other words, if GET /users returns a list of users, then HEAD /users will make the same request but will not return the list of users.
9. The well-known TCP port for HTTP traffic is 80. An HTTP proxy often uses a different port; typical values are 81, 3128, 8000 and 8080.
10. The 'openssl' version command allows you to determine the version your system is currently using. This information is useful if you want to find out if a particular feature is available, verify whether a security threat affects your system, or perhaps report a bug.
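The fields Wireshark shows under Handshake Protocol: Client Hello > Cipher Suites, and the single suite the Server Hello selects, can also be read straight from the record bytes. The following Python sketch is an added example, not part of the original answer; the function names and the two sample records are constructed for illustration, and it assumes each hello arrives in one unfragmented TLS record.

```python
import struct

# A few IANA cipher-suite code points, for readable output (not a full table).
SUITE_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def parse_hello(record: bytes):
    """Return ("client", offered suite codes) or ("server", [chosen code])."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) != rlen or rlen < 4:
        raise ValueError("not a complete TLS handshake record")
    htype, hlen = body[0], int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hlen]
    if len(msg) != hlen or hlen < 35:
        raise ValueError("truncated hello message")
    pos = 2 + 32                      # skip version and 32-byte random
    pos += 1 + msg[pos]               # skip session id (1-byte length prefix)
    if htype == 1:                    # ClientHello: 2-byte length, then the list
        n = int.from_bytes(msg[pos:pos + 2], "big")
        raw = msg[pos + 2:pos + 2 + n]
        if len(msg) < pos + 2 or len(raw) != n or n % 2:
            raise ValueError("bad cipher suite list")
        return "client", [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]
    if htype == 2:                    # ServerHello: exactly one selected suite
        raw = msg[pos:pos + 2]
        if len(raw) != 2:
            raise ValueError("missing selected cipher suite")
        return "server", [int.from_bytes(raw, "big")]
    raise ValueError("not a ClientHello or ServerHello")

def suite_name(code: int) -> str:
    return SUITE_NAMES.get(code, f"0x{code:04X}")

def _record(htype: int, body: bytes) -> bytes:   # builds the constructed samples
    msg = bytes([htype]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(msg).to_bytes(2, "big") + msg

_PREFIX = b"\x03\x03" + bytes(32) + b"\x00"      # version, zero random, empty session id
CLIENT_HELLO = _record(1, _PREFIX + b"\x00\x06\xc0\x2f\xc0\x30\x00\x2f" + b"\x01\x00")
SERVER_HELLO = _record(2, _PREFIX + b"\xc0\x2f" + b"\x00")

if __name__ == "__main__":
    for rec in (CLIENT_HELLO, SERVER_HELLO):
        side, codes = parse_hello(rec)
        print(side, [suite_name(c) for c in codes])
```

The client list comes back in the order the client sent it, and the server result is always a single code point, which is the value to compare against the client's list.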