Cryptography Reference
For illustration purposes, though, you can also run an instance of the Apache
web server locally, configure it to accept HTTPS connections, and connect to
it. The tcpdump utility can be used to monitor exactly what's passed back and
forth over a socket connection.
NOTE See Appendix B for a brief overview on installing and configuring
tcpdump.
Dissecting the Client Hello Request
Now you can run your https command-line client to connect to an SSL-enabled
website and monitor the packets exchanged. After invoking tcpdump to run in
the background, start up an instance of https:
[jdavies@localhost ssl]$ ./https https://localhost/index.html
The tcpdump output starts with the standard expected TCP 3-way handshake:
[root@localhost ssl]# /usr/sbin/tcpdump -i lo -s 0 -X tcp port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
12:37:03.937423 IP localhost.localdomain.56047 > localhost.localdomain.https: S
506618802:506618802(0) win 32792
<mss 16396,sackOK,timestamp 12673266 0,nop,wscale 7>
0x0000: 4500 003c 0340 4000 4006 397a 7f00 0001 E..<.@@.@.9z....
0x0010: 7f00 0001 daef 01bb 1e32 63b2 0000 0000 .........2c.....
0x0020: a002 8018 cf4a 0000 0204 400c 0402 080a .....J....@.....
0x0030: 00c1 60f2 0000 0000 0103 0307 ..`.........
12:37:03.937430 IP localhost.localdomain.https > localhost.localdomain.56047: S
505995792:505995792(0) ack 506618803 win 32768
<mss 16396,sackOK,timestamp 12673267 12673266,nop,wscale 7>
0x0000: 4500 003c 0000 4000 4006 3cba 7f00 0001 E..<..@.@.<.....
0x0010: 7f00 0001 01bb daef 1e28 e210 1e32 63b3 .........(...2c.
0x0020: a012 8000 6d64 0000 0204 400c 0402 080a ....md....@.....
0x0030: 00c1 60f3 00c1 60f2 0103 0307 ..`...`.....
12:37:03.937459 IP localhost.localdomain.56047 > localhost.localdomain.https: .
ack 1 win 257 <nop,nop,timestamp 12673267 12673267>
0x0000: 4500 0034 0341 4000 4006 3981 7f00 0001 E..4.A@.@.9.....
0x0010: 7f00 0001 daef 01bb 1e32 63b3 1e28 e211 .........2c..(..
0x0020: 8010 0101 5587 0000 0101 080a 00c1 60f3 ....U.........`.
0x0030: 00c1 60f3 ..`.
After the three-way handshake is complete, the TLS protocol takes over:
The first actual packet exchanged is the client hello. The client hello starts
at byte 0x0035. The first five bytes of the data packet are the TLS header
160301002d. 0x16 is the type of the message (content_handshake); 0x0301 is
the version of SSL (3.1); and 0x002d is the length of the contained packet, 45
bytes. Every packet sent over this connection must now start with a TLS header.
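The header layout described above, as an added example that is not code from the book: a parser for the five-byte TLS header and a walker that checks every record in a captured payload starts with one. The function and type names are assumptions made for this example, and the sample record body is constructed filler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Names below are chosen for this example; they are not the book's code. */
enum { TLS_HDR_LEN = 5, TLS_MAX_FRAGMENT = 16384 + 2048 };  /* record-layer limit */

struct tls_hdr {
    uint8_t  type;            /* 0x14..0x17; 0x16 = handshake */
    uint8_t  major, minor;    /* 0x03, 0x01 = SSL 3.1 */
    uint16_t length;          /* bytes that follow the header */
};

/* 0 = ok, -1 = fewer than 5 bytes available, -2 = malformed header */
int tls_parse_hdr(const uint8_t *p, size_t n, struct tls_hdr *h)
{
    if (n < TLS_HDR_LEN) return -1;
    h->type = p[0]; h->major = p[1]; h->minor = p[2];
    h->length = (uint16_t)((p[3] << 8) | p[4]);    /* big-endian on the wire */
    if (h->type < 0x14 || h->type > 0x17 || h->major != 0x03) return -2;
    if (h->length > TLS_MAX_FRAGMENT) return -2;   /* reject oversized length */
    return 0;
}

/* Walk a TCP payload; return complete records seen, or <0 on the first error. */
int tls_count_records(const uint8_t *p, size_t n)
{
    int count = 0;
    while (n > 0) {
        struct tls_hdr h;
        int rc = tls_parse_hdr(p, n, &h);
        if (rc != 0) return rc;
        if (n - TLS_HDR_LEN < h.length) return -1; /* body truncated */
        p += TLS_HDR_LEN + h.length;
        n -= TLS_HDR_LEN + h.length;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: the header from the text plus 45 zero bytes of filler. */
    uint8_t rec[TLS_HDR_LEN + 45] = { 0x16, 0x03, 0x01, 0x00, 0x2d };
    struct tls_hdr h;
    if (tls_parse_hdr(rec, sizeof rec, &h) == 0)
        printf("type=0x%02x version=%d.%d length=%d\n",
               (unsigned)h.type, h.major, h.minor, h.length);
    printf("records=%d\n", tls_count_records(rec, sizeof rec));
    return 0;
}
```

The length field is checked against the bytes actually available before the pointer advances, so a truncated or lying header stops the walk instead of reading past the buffer.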