Past exam questions (network trace)

Posted on 2006-05-10
Last Modified: 2010-08-05
Please answer the following questions:-

a) The screen shot shown in figure Q4 (see link) depicts a trace of network activity of a web based connection to the University e-mail service. Discuss whether you think this is a secure method of accessing messages, through consideration of the trace.


b) Part of the trace shows a Change Cipher Spec activity taking place. Discuss this and describe what you think further analysis would show if the “Client Hello” information was analysed.


c) Discuss the “Server Hello” and subsequent operations, including the contents of the “Application Data”.


Question by:lukegriffiths110

    Accepted Solution


    A: I see no reason why using SSLv3 would not be a secure method for retrieving messages - it is acceptable for online banking etc (https).
    BUT the trace shows no exchange of certificates, thus the client and server have not authenticated themselves with each other. From the trace I'm not sure it is possible to confirm if the user has had to supply any credentials (such as username and password). This could just be a trace of accessing an https website without authentication - thus the traffic would be encrypted from someone trying to sniff the connection. I would say that this is probably not secure enough if the messages are strictly for a specific recipient. Certainly before ratifying it you would want more information about the process used.

    B: Change Cipher Spec is just indicating that the following packets will be sent in the cipher suite that has just been negotiated.
    Client Hello provides details of the client Random, which versions of SSL / TLS the client supports, and the requested cipher suite.

    C: Server Hello is basically the same as the Client Hello - accepts the connection and states the server has chosen this version of SSL and this cipher suite.
    You then have the encrypted handshake,
    change cipher spec - basically saying next message(s) will be encrypted.
    Then an encrypted transfer of application data....

    This web page has a good explanation and a nice diagram of the process:

    You could also recommend they look to move to using TLS (also known as SSLv3.1).
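
Added example, not part of the answer above or of the exam paper: a small Python parser that splits a byte stream into SSLv3/TLS records and decodes the cleartext Client Hello fields the answer lists (version, client random, cipher suites). The byte stream is constructed for illustration and is not the trace from figure Q4; the `record` helper, `HELLO`, `SAMPLE` and the two-entry cipher suite table are assumptions made for the sample.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
SUITES = {0x0005: "RSA_WITH_RC4_128_SHA", 0x000A: "RSA_WITH_3DES_EDE_CBC_SHA"}  # sample only

def split_records(stream):
    """Return [(content_type, version, payload)] for every record in the stream."""
    out, off = [], 0
    while off < len(stream):
        if off + 5 > len(stream):
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        out.append((CONTENT_TYPES.get(ctype, "unknown"),
                    VERSIONS.get((major, minor), "unknown"), payload))
        off += 5 + length
    return out

def parse_client_hello(payload):
    """Decode the cleartext Client Hello fields from a handshake record payload."""
    if len(payload) < 4 or payload[0] != 1:        # handshake type 1 = client_hello
        raise ValueError("not a Client Hello")
    body = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    if len(body) < 35:                             # version(2) + random(32) + sid length(1)
        raise ValueError("truncated Client Hello")
    pos = 35 + body[34]                            # skip the session id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    if cs_len == 0 or cs_len % 2 or len(body) < pos + 2 + cs_len:
        raise ValueError("malformed cipher suite list")
    ids = [int.from_bytes(body[i:i + 2], "big") for i in range(pos + 2, pos + 2 + cs_len, 2)]
    return {"version": VERSIONS.get((body[0], body[1]), "unknown"),
            "random": body[2:34].hex(), "session_id": body[35:pos].hex(),
            "cipher_suites": [SUITES.get(i, hex(i)) for i in ids]}

def record(ctype, payload, version=b"\x03\x00"):
    return bytes([ctype]) + version + struct.pack("!H", len(payload)) + payload
# Constructed sample, not the trace from figure Q4. Zero bytes stand in for ciphertext.
HELLO = b"\x03\x00" + bytes(range(32)) + b"\x00" + b"\x00\x04\x00\x05\x00\x0a" + b"\x01\x00"
SAMPLE = (record(22, b"\x01" + len(HELLO).to_bytes(3, "big") + HELLO)   # Client Hello
          + record(20, b"\x01")                                          # Change Cipher Spec
          + record(22, bytes(40))                                        # encrypted handshake
          + record(23, bytes(64)))                                       # application data

if __name__ == "__main__":
    print([(t, v, len(p)) for t, v, p in split_records(SAMPLE)])
    print(parse_client_hello(split_records(SAMPLE)[0][2]))
```

Only the first record decodes: the handshake record that follows Change Cipher Spec and the application data record are ciphertext, so a passive capture shows their type, version and length but not their contents.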


