SSL Overview

Recently I created a presentation for a client on SSL. The purpose was to give a packet-level view of the SSL protocol so the client and their support team would have a better understanding of the problems they had. The original presentation was done in PowerPoint, so I adapted it to blog format.


Brief SSL History

SSL v1 was developed by Netscape back in 1994. It was developed with the main purpose of securing web browser traffic to the server. Now the SSL protocol is used for many different system-to-system communications.

Wireshark Portable Profiles

In my last blog post (Wireshark Custom Columns) I provided information on customizing your Wireshark interface depending on the problem you are troubleshooting. These custom profiles are extremely helpful in providing the needed information for troubleshooting the vast range of issues you will encounter. As you increase your effectiveness as an analyst, you will undoubtedly be called on to resolve issues on many networks other than your own. These situations may require that you use local hardware and software to troubleshoot with. In these situations you can rapidly become effective by transferring the custom profiles from your local system to the new system. Wireshark makes it easy to transfer your custom profile simply by copying a set of plain-text files between the two systems.



Wireshark Custom Columns

To effectively troubleshoot network traffic you must extract key information points from the trace files. To extract and view this information you must customize your protocol analyzer to present this custom view of the information. One of the most widely used protocol analyzers is the free tool Wireshark, and by default this tool provides a very limited view into your trace files. Since this is the tool I personally use, I will show you how I’ve customized it to provide the data I need.



Delayed ACK

A few weeks ago, during a technical group meeting I hold here in town, a question came up that is now the basis of our next meeting. Does every TCP segment get an ACK returned?


My unqualified answer to this question was "No," as I had troubleshot some connections before and noticed that not every TCP segment received was sent an ACK. When challenged on this, I couldn't give the technical background for this, just that this was my experience. Of course, others in the group had different experiences, so the only way to solve this was to do the research.