For this question you must use virtnet (as used in the workshops) to study HTTPS and certificates. This assumes you have already set up and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and testing the website.
Your task is to:
Create topology 5 in virtnet
Deploy the MyUni demo website on the nodes
Set up the web server to support HTTPS, including obtaining a certificate
Capture traffic from the web browser on node1 to the web server that includes an HTTPS session. Save the file as https.pcap.
Test and analyse the HTTPS connection.
Answer the following sub-questions based on the above test and analysis.
(a) Submit your certificate certificate.pem and HTTPS traffic capture https.pcap on Moodle. [3 marks]
(b) Draw a message sequence diagram that illustrates the SSL packets belonging to the first TCP connection in the file. Refer to the instructions in assignment 1 for drawing a message sequence diagram, as well as these additional requirements:
Only draw the SSL packets; do not draw the 3-way handshake, TCP ACKs or connection close. Hint: identify which packets belong to the first TCP connection and then filter with “ssl” in Wireshark. Depending on your Wireshark version, the protocol may show as “TLSv1.2”.
A single TCP packet may contain one or more SSL messages (in Wireshark look inside the packet for each “Record Layer” entry to find the SSL message names). Make sure you draw each SSL message. If a TCP packet contains multiple SSL messages, then draw multiple arrows, one for each SSL message, and clearly label each with the SSL message name.
Clearly mark which packets/messages are encrypted. [3 marks]
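The following is an added example, not part of the original assignment: it shows how one TCP payload breaks down into several record-layer entries and SSL messages, and which of them are encrypted. It assumes TLS 1.2, records that are complete within one TCP segment, and handshake messages that are not split across records; the function names and the sample payloads are constructed for illustration.

```python
import struct

# Record-layer content types and handshake message types (TLS 1.2 numbering).
CONTENT_TYPES = {20: "Change Cipher Spec", 21: "Alert",
                 22: "Handshake", 23: "Application Data"}
HANDSHAKE_TYPES = {1: "Client Hello", 2: "Server Hello", 11: "Certificate",
                   12: "Server Key Exchange", 14: "Server Hello Done",
                   16: "Client Key Exchange", 20: "Finished"}

def list_tls_messages(payload, encrypted=False):
    """Return ([(message name, is_encrypted)], encrypted) for one TCP payload.
    `encrypted` says whether this sender has already sent Change Cipher Spec;
    pass the returned flag in when parsing the sender's next segment."""
    messages, pos = [], 0
    while pos < len(payload):
        if len(payload) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", payload, pos)
        body = payload[pos + 5:pos + 5 + length]
        if len(body) < length:
            raise ValueError("record continues in a later TCP segment")
        pos += 5 + length
        if ctype == 20:      # sent in plaintext; later records from this sender are encrypted
            messages.append(("Change Cipher Spec", False))
            encrypted = True
        elif encrypted:      # body is ciphertext, so only the record type is visible
            name = ("Encrypted Handshake Message" if ctype == 22
                    else CONTENT_TYPES.get(ctype, f"Content type {ctype}"))
            messages.append((name, True))
        elif ctype == 22:    # one record may carry several handshake messages
            hpos = 0
            while hpos + 4 <= len(body):
                hlen = int.from_bytes(body[hpos + 1:hpos + 4], "big")
                messages.append((HANDSHAKE_TYPES.get(body[hpos], f"Handshake type {body[hpos]}"), False))
                hpos += 4 + hlen
        else:
            messages.append((CONTENT_TYPES.get(ctype, f"Content type {ctype}"), False))
    return messages, encrypted

# Constructed sample payloads (dummy message bodies, not taken from a real capture).
def make_record(ctype, body):
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def make_handshake(htype, body):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

SERVER_SEGMENT = (make_record(22, make_handshake(2, b"\x00" * 38)) +
                  make_record(22, make_handshake(11, b"\x00" * 10) + make_handshake(14, b"")))
CLIENT_SEGMENT = (make_record(22, make_handshake(16, b"\x00" * 8)) +
                  make_record(20, b"\x01") + make_record(22, b"\x9a" * 40))
```

Each tuple in the returned list corresponds to one arrow in the diagram, so the constructed server segment yields three arrows from a single TCP packet.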
(c) Based on the capture and your understanding of HTTPS: [0.5 mark each]
a. What port number does the web server use with HTTPS?
b. What symmetric key cipher was used for encrypting the data?
c. What public key cipher was used for exchanging a secret?
d. What cipher and what hash algorithm are used in signing the web server's certificate?
(d) In this task you needed to manually load the CA certificate into the client (lynx web browser). In real networks, this step is not necessary (that is, the web browser user does not have to load the CA certificate – it normally is already loaded). Explain how the