 After this theory session I am going to demonstrate about the how the secure circulator works in the real world. So, for that we are going to start with the via shock here, right now I am going to open the via shock through my terminal the via shock as you have seen just in the yesterday session that via shock is a tool which is used to capture the packets at the interfaces. So, here we are going to capture the packets at this interface ethernet 4 as you can see that. So, this is the interface in my virtual machine through which I am going to contact to the web server. Now, I am going to google.com notice one more one important thing here I just typed google.com I have not written anything else not HTTP not HTTPS is still as you can see that it automatically comes with HTTPS and in the URL you can also notice SSL in the end. So, our server and a browser know that this particular session has to be secure. So, if you want to know that we have to inspect the packets which were communicated between these two entities for that we are going to see the packet captured in this process. So, it is started with the standard query to google.com as a DNS and now we get the response in the second message which is query response for with the IP address of google.com and now it is starting with three way handshake TCP this is the first message which is syn followed by syn act and then act. So, now TCP handshake has been completed. Now, the first message which is a get request HTTP request we want to know the content of this request we can see here the host is google.com of course this is the content of the HTTP request which is sent to the server and now we will wait for the reply HTTP reply which is here. Here we can see that it is 302 means moved temporary means this particular URL has been moved temporary to this new location. So, google responded with that the URL you are trying to browse is now has been moved to this particular location. So, our browser will do it will close this particular TCP session and it start a new one. So, you can see the fin and fin act here and now again the same procedure will happen with DNS again then DNS response again since in act act and notice this get it is now to the new location and now we will wait for the HTTP response which is again 302. Which is saying that it is again moved temporary. So, what is google trying to do is trying to do this now you can see that it is HTTPS. So, through this procedure google server told the browser that you have to create a secure session to talk to me this is HTTPS ending with SSL. So, now again the session will be closed we get the fin act new session start since in act act and now just after the three way handshake as the browser know that I have to create a HTTPS session. So, it is started with SSL protocol as professor already told you that SSL protocol contains of two protocols first one is handshake protocol and the second one is recorded protocol. So, for the handshake protocol there are four steps. The first step is client hello message this is the initiating message which is sent from the browser to the server. So, this client hello message what it contains is we can see here this is the IP layer and then TCP and then secure socket by the way secure socket layer works about TCP and blow application layer. So, it is sandwiched between them. So, now we are going to see the content see this is handshake protocol client hello within that. So, how a server will know that this particular message is a handshake message. So, to answer that we have a content type see if you try to see at the hexadecimal value it is written as 16 in decimal it means 22. So, when a server see 22 in here it knows that it is a handshake protocol and within handshake protocol as you can see here it is handshake protocol and within that it is client hello and notice here client hello has content type as 0 1 same as in hexadecimal value you can see the 0 1 here down there in the bottom you can also see the type of handshake message SSL dot handshake dot type which is of 1 byte of course. So, this is the content basic content of client hello message. Now the important content of the client hello message now we come to the important message which is session ID. So, as professor had told you when the client hello message come it can contain a session ID which is used to resume a previous session or the browser can initiate a new session. So, if he wants to resume a session he will send that particular sessions ID in the client hello message. If he want to create a new session it will respond with just session ID length is equal to 0. So, here the client wants to create a new session that is why he is responded with a client as 0 and here we can see the random nouns this is random nouns as you can see that in the bottom it is random challenge used to authenticate the server SSL dot handshake dot random byte this is of 28 byte this is 28 byte data noun and this is our RA and the third most important thing is cipher suite. So, basically cipher suite is a negotiation business means the browser tells the server that I have these 23 set of algorithms which do you want to use. So, it simply shows all the 23 suites see this is the list of all the cipher suites it supports. So, what a cipher suite is here you can see that it is a bunch of algorithms which are used for key exchange for signature generation and its verification for encryption purpose and for calculating MAC and digest. So, as you can see here in this particular highlighted cipher suite we have ECDHE which is elliptic curve Diffie-Hellman exchange which is used for the key exchange mechanism the second one is RSA which is going to be used for signature and verification the third one is ES128. So, which is used for the encryption purpose which is 128 bytes GCM is the mode of operation and SHA256 is a digestion protocol. So, now we are receiving server hello. So, when the server receive this message this client hello message it respond with that out of all these cipher suite I want to go with this. So, as you can see that again the content type is 22 which is handshake and within handshake we have server hello which is 2 and this is the random nouns given by the server. So, it is our RB which is of course 28 byte and you can see the cipher suite here this particular cipher suite with code C02B is going to be used. So, one thing here it is session ID length is equal to 0. So, the server may return a empty session ID to indicate that the session will not be cached and therefore cannot be resumed. So, if the server wants to resume a session he will respond with a session ID. So, we have done with the client hello message the server hello message and now comes the important thing which is the certificate of the server. In the certificate there are several fields, but some of them are very very important to note like the public key of the subject which is google.com here, the signature the certificate authority the validity of the certificate. So, the certificate can be seen here in the Vyashak also and the better way I mean the graphical way to view the certificate is this. It can be viewed in the in your own browser see you can do this at your own end in the lab session that here you can see the HTTPS and you can also must be seeing a lock what this lock is. If you click on it it will show you you are connected to google.co.in this is run by of course google, but verified by google in and the connection to this website is secure. And if you want to know what the certificate is in this particular case go to the more information you certificate see. So, now we have the certificate of google.com. So, issued to google.com its sealant number issued by of course google internet authority G2 which is the CA in this case and now here you can see that validity. The validity is witnessed the second of July I mean just 10 days before and it is expires on 30th of September 2014. So, within that period google.com can use that server that certificate and these are the fingerprints SHA-1 and Md5. So, this is the basic detail of the certificate and now if you want to go the detail information of what a certificate contains then go to the detail tab see this is the certificate hierarchy. In this hierarchy there are certain certificate fields and their fields value. So, as I have already told that there are several fields and not all of them, but some of very important. So, I am going to show you like this. So, certificate signature algorithm which is SHA-1 with RSA encryption. So, first signature purpose this particular encryption has been used and now I am going to show the validity which is second of July and not after 30th of September. So, this is the validity purpose and now the most important thing subject public key information. So, as professor already told it uses elliptic curve cryptography as a public key cryptography using NISTP 256 which is a standard you will come to know in the later in this workshop. Now, subject public key which is of 256 bits with the base point of length 256 bits. Again certificate signature algorithm certificate signature value which is 256 bytes. So, after signing the signature becomes of size 256 bytes. So, this is these are the information a certificate contains. So, now certificate business has been over. So, we have through step 1 and step 2 now comes the step 3 which is now the client generates the pre-master secret send it over and both client and the server will compute the 6 keys the 6 secrets. So, after the client computes its secret it sends client key exchange with chain cypher spec. So, we are going to inspect what it contains again it is a handshake. So, with the content type is 22 and within handshake it is client key exchange. So, type is 16 and after client key exchange you can see that it is chain cypher spec protocol. So, what does it mean? It means that after this message the client is going to send all the message which will be encrypted. One thing to notice here it is from the client side not from the server side see. So, this is 10 dot 0 dot 2 dot 15 is mic id which is my browser id I mean laptop id and the 74 125 236 dot 56 is Google dot com id. So, it is the message from the client to the server that client key has been exchanged and chain the cypher suit. Now, we will wait for the servers response for the chain cypher suit. This is application data from the client this is the encrypted handshake message from the server to the client that ok from now on even I will send the data in the encrypted format see this is here this is this message from the server to the client. So, after this the handshake has been finished and now the record record layer protocol which will encrypt the data using the session keys just negotiated.