Lab 8: Wireshark Crypto Analysis
Objectives
1. Open PCAP File
Open the encrypted HTTPS traffic capture file.
Hint: Type: open https_encrypted.pcap
2. Examine Client Hello
Click packet #4 to view TLS Client Hello and cipher suites.
Hint: Click on packet #4 in the packet list, then expand "Transport Layer Security" in the detail pane.
3. Examine Server Hello
Click packet #6 to view TLS Server Hello and selected cipher.
Hint: Click on packet #6 to see which cipher suite the server selected.
4. View Certificate
Click packet #8 to examine the server's certificate.
Hint: Click on packet #8 and expand the Certificate section.
5. Load TLS Key
Load the RSA private key to decrypt TLS traffic.
Hint: Type: load key server.key
6. View Decrypted HTTP
Click packet #14 to see decrypted HTTP POST request.
Hint: After loading the key, click packet #14 to view the decrypted content.
7. Identify Credentials
Find the username and password in decrypted data.
Hint: Look at the form data in packet #14. Type: extract credentials
8. Export Objects
Export decrypted HTTP objects from the capture.
Hint: Type: export http objects
Command Terminal
Wireshark Crypto Analysis Lab
Type commands to control the analysis environment