Assignment 1

This document contains instructions for an assignment on network security architecture and management. It has two parts: 1) Analyzing HTTPS handshaking between a browser and yahoo.com using Wireshark. Students need to provide information about the public key certificate and packets captured, and diagram the key exchange process. 2) Performing DNS inspection by visiting a website and capturing DNS queries and responses using Wireshark. Students must provide details about the DNS packets and illustrate how iterative queries work to resolve a domain name. The assignment is due on February 5th, 2023 and the submission should be a PDF file named "A1.pdf". Office hours for questions are on Thursdays from 4-

CONCORDIA UNIVERSITY

INSE 6170: Network Security Architecture and Management

Assignment 1

Jan 22, 2023

Due Feb 5, 2023 at 11:59pm through Moodle submission. In this assignment, you are expected
to work individually. You may use any sources that you want but you must cite them. The
submission should be a PDF file named "A1.pdf" that contains all written answers. My office
hours are every Thursday 4pm - 6pm in EV3107. You can also email me to make an appointment
for your questions.

1 THE HANDSHAKING FOR HTTPS (25 PTS)

To accomplish this assignment, you need to install Wireshark software and complete the following tasks:

1. Turn on Wireshark packet sniffing, open a browser and visit https://yahoo.com. When
webpage loading is done, stop Wireshark sniffing.

2. Filter the captured packets using keyword "ssl".

3. Check the public key certificate of Yahoo.com from the browser.

Answer the following questions:

• Based on the public key certificate for Yahoo.com fill in the following information in
Table 1.1. You should attach screen shots to show where you find the answers. (8 pts)

• Based on the captured packets by Wireshark, answer the questions in Table 1.2. You
should attach screen shots to show where you find the answers. (4 pts)

Table 1.1: About the Public Key Certificate

| Questions | Put your answers here |
|---|---|
| What is the root Certificate Authority? | |
| What is the issuing Certificate Authority? | |
| How long is the public key? | |
| What are the first 4 bytes of the public key? | |
| How long is the signature? | |
| What are the first 4 bytes of the signature? | |
| What signature algorithm is used? | |
| What is the expiration date of the certificate? | |

Table 1.2: About the communication

| Questions | Put your answers here |
|---|---|
| What is the IP address of yahoo.com? | |
| What is the port number on the yahoo side? | |
| What is the IP address of your computer? | |
| What is the TLS version? | |

• Locate the client hello packet and take a screen shot to show the following information:
handshake type, all available cipher suites and all available signature hash algorithms.
Circle the information on the screen shot similar to what is shown in Figure 1.1. (3 pts)

• Locate the server hello packet and take a screen shot and circle the following information:
session ID, random bytes and cipher suite. If you cannot find any of them, then
state so clearly. (3 pts)

• Can you find the packet which contains the Yahoo public key certificate? If you do,
then take a screen shot and circle the following information: signature and subjectPublicKey.
Are they the same as you found in the previous Table 1.1? If you cannot find it,
then explain why. (3 pts)

• Locate all the TLS handshake packets and draw a dialog graph to explain how the session
key is exchanged between client and server. Be specific and explain each step. (4 pts)
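
The client hello fields named above (handshake type, cipher suites, signature hash algorithms) sit at fixed positions in the TLS record, which the following added example walks through; it is not part of the original assignment. The sample record is constructed rather than captured, the name tables cover only the values it uses, and the parser assumes the whole ClientHello fits in one record.

```python
import struct

SUITES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
SIG_ALGS = {0x0403: "ecdsa_secp256r1_sha256", 0x0804: "rsa_pss_rsae_sha256",
            0x0401: "rsa_pkcs1_sha256"}

def u16_list(buf, off, nbytes):
    """Read nbytes of big-endian 16-bit values starting at off."""
    return list(struct.unpack_from("!%dH" % (nbytes // 2), buf, off))

def parse_client_hello(record):
    """Parse a ClientHello that fits in one TLS record (assumption of this example)."""
    ctype, _rec_version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or record[5] != 1:       # 22 = handshake record, 1 = client_hello
        raise ValueError("not a ClientHello")
    end = 5 + rec_len
    off = 9                                  # record header (5) + handshake header (4)
    version = struct.unpack_from("!H", record, off)[0]
    off += 2 + 32                            # legacy_version, then 32 random bytes
    off += 1 + record[off]                   # session ID length + session ID
    cs_len = struct.unpack_from("!H", record, off)[0]
    suites = u16_list(record, off + 2, cs_len)
    off += 2 + cs_len
    off += 1 + record[off]                   # compression methods
    sig_algs = []
    if off + 2 <= end:                       # extensions are optional
        ext_end = off + 2 + struct.unpack_from("!H", record, off)[0]
        off += 2
        while off + 4 <= ext_end:
            etype, elen = struct.unpack_from("!HH", record, off)
            if etype == 13:                  # signature_algorithms extension
                n = struct.unpack_from("!H", record, off + 4)[0]
                sig_algs = u16_list(record, off + 6, n)
            off += 4 + elen
    return {"handshake_type": record[5], "version": version,
            "cipher_suites": [SUITES.get(s, hex(s)) for s in suites],
            "signature_algorithms": [SIG_ALGS.get(s, hex(s)) for s in sig_algs]}

def build_sample():
    """Constructed ClientHello (not captured traffic): three suites, three algorithms."""
    suites = struct.pack("!3H", 0x1301, 0x1302, 0xC02F)
    algs = struct.pack("!3H", 0x0403, 0x0804, 0x0401)
    ext = struct.pack("!3H", 13, len(algs) + 2, len(algs)) + algs
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake
```
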

Some helpful sources:

https://www.youtube.com/watch?v=u4ht-E-Kihk
https://commandlinefanatic.com/cgi-bin/showarticle.cgi?article=art080

Figure 1.1: An example on marking on a snapshot

2 DNS INSPECTION (25 PTS)

Complete the following tasks:

1. Find a way to clear all cached DNS records on your browser.

2. Turn on Wireshark packet sniffing, open a browser and visit https://concordia-ca.zoom.us.
When webpage loading is done, stop Wireshark sniffing.

3. Set a proper filter on the captured packets to locate all DNS packets.

Answer the following questions:

• Locate the DNS query packet for concordia-ca.zoom.us, and fill in the following information
in Table 2.1: (9 pts)

Table 2.1: About the DNS query

| Questions | Put your answers here |
|---|---|
| What is the source IP address? | |
| What is the source port number? | |
| What is the destination IP address? | |
| What is the destination port number? | |
| What is the DNS query ID? | |
| What is the total length of the packet including all headers? | |
| Is recursion requested? | |
| What is the domain name queried? | |
| What type of answer is requested? | |

• Locate the DNS response packet for concordia-ca.zoom.us, and fill in the following information
in Table 2.2: (11 pts)

• Suppose the DNS cache was also cleared on the DNS local resolver side. How many
iterative queries does the DNS local resolver have to send out in order to answer the question
from your browser? Illustrate the iterations using a diagram similar to the one you saw
in class. (5 pts)

Table 2.2: About the DNS response

| Questions | Put your answers here |
|---|---|
| What is the source IP address? | |
| What is the source port number? | |
| What is the destination IP address? | |
| What is the destination port number? | |
| What is the DNS query ID? | |
| What is the total length of the packet including all headers? | |
| Is recursion provided? | |
| Does the packet contain the query information? | |
| How many answers are provided? | |
| What is the final answer (IP address)? | |
| What is the life span of the answer? | |

Useful reference sources:

[1] https://www.youtube.com/watch?v=yDAHSM2Pijc
