November 16, 2023


Decoding TLS v1.2 Protocol Handshake With Wireshark

We are not just explaining how the TLS v1.2 handshake protocol works; we will also decode the TLS v1.2 protocol handshake using Wireshark. There are two main goals of this article: (1) Explain the TLS v1.2 handshake protocol step by step. (2) Capture and examine a TLS stream in Wireshark.

Just for demonstration purposes, we are going to access Pluralsight's (public learning platform) website in the Chrome browser over a secured HTTPS connection, because the TLS handshake happens only in HTTPS communication. The difference between HTTP and HTTPS is that in HTTP only a TCP handshake happens, whereas in HTTPS both the TCP and TLS handshakes happen.

TCP Three-Way Handshake Protocol:

In HTTPS, the TLS handshake happens after the completion of a successful TCP handshake. The TCP handshake process is a separate topic, so we are not covering it in this article. In short, a TCP handshake is a three-step process. First, the client sends the SYN packet to the server. Second, the server sends SYN + ACK in response to the client. Finally, the client sends the acknowledgment (ACK) to the server.

TCP three-way handshake

192.168.0.114 is the client machine. 199.38.167.35 is the destination Pluralsight.

The source and destination IP addresses used in this demo

TLS v1.2 Protocol Handshake:

Once the TCP three-way handshake is done, the TLS handshake kicks in with the Client Hello.
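The ordering described above (SYN, SYN + ACK, ACK, then Client Hello) can be checked in code. The following is an added example, not part of the original article: it walks a constructed packet list, confirms the three-way handshake, and decodes the first client payload the way Wireshark labels it. The function names, the `sample` helper and the Client Hello bytes are assumptions made for illustration; the IP addresses are the ones from the demo.

```python
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08          # TCP flag bits
FLAG_NAMES = {SYN: "SYN", SYN | ACK: "SYN+ACK", ACK: "ACK"}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(payload):
    """Return the version offered in a ClientHello, or None if payload is not one."""
    if len(payload) < 11:
        return None
    content_type, hs_type = payload[0], payload[5]
    if content_type != 22 or hs_type != 1:   # 22 = handshake record, 1 = ClientHello
        return None
    (client_version,) = struct.unpack("!H", payload[9:11])
    return TLS_VERSIONS.get(client_version, hex(client_version))

def trace_connection(packets, client, server):
    """Walk (src, dst, flags, payload) tuples and list the stages seen, in order."""
    expected = [(client, SYN), (server, SYN | ACK), (client, ACK)]
    stages = []
    for src, _dst, flags, payload in packets:
        if len(stages) < 3:                  # still inside the TCP handshake
            want_src, want_flags = expected[len(stages)]
            if src != want_src or (flags & (SYN | ACK)) != want_flags:
                break                        # out of order: stop tracing
            stages.append(FLAG_NAMES[want_flags])
        elif src == client and payload:      # first client data after the ACK
            version = parse_client_hello(payload)
            stages.append(f"ClientHello ({version})" if version else "non-TLS data")
            break
    return stages

# Constructed sample: minimal ClientHello body (version, 32-byte random,
# empty session id, one cipher suite, null compression), not a real capture.
_body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
HELLO = (b"\x16\x03\x01" + struct.pack("!H", len(_body) + 4)
         + b"\x01" + len(_body).to_bytes(3, "big") + _body)

CLIENT, SERVER = "192.168.0.114", "199.38.167.35"   # addresses from the demo
def sample(first_payload):
    return [(CLIENT, SERVER, SYN, b""), (SERVER, CLIENT, SYN | ACK, b""),
            (CLIENT, SERVER, ACK, b""), (CLIENT, SERVER, PSH | ACK, first_payload)]

if __name__ == "__main__":
    print(trace_connection(sample(HELLO), CLIENT, SERVER))
    print(trace_connection(sample(b"GET / HTTP/1.1\r\n\r\n"), CLIENT, SERVER))
```

The second call feeds a plain HTTP request as the first payload, which shows the HTTP case: the TCP handshake completes but no TLS record follows.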