Analyzing HTTP over TLS with Wireshark
What is HTTP?
According to cloudflare.com, the Hypertext Transfer Protocol (HTTP) is the foundation of the World Wide Web and is used to load web pages using hypertext links.
What is HTTPS?
According to cloudflare.com, Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website.
What is TLS?
According to cloudflare.com, Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.
Lab
I am doing the Analyzing Network Protocols with Wireshark course on Pluralsight.com.
First, I opened the HTTP over TLS .pcapng file I downloaded from Pluralsight.
As you can see, the first two packets use the DNS protocol. First, you see a standard DNS query and then you see a standard DNS query response.
The next two packets use the TCP protocol. Also, you will notice port 443 is being used. That is the standard port for HTTPS.
After scrolling down through the packets, I opened a packet that was using TLS. I found that the supported cipher suites for this network communication are shown within the packet. These cipher suites are used for encryption. AES, or Advanced Encryption Standard, is very secure.
Continuing to look into this same packet, I found the supported TLS versions. TLS 1.3 is the newest version of TLS. TLS 1.0 is the oldest version of TLS.
This packet shows Application Data Protocol: HTTP over TLS. As you can see, TLS 1.3 is being used.
The packets that are black show network latency or a slowdown in your network. You can drill down to get more info. This can be used in a real-world scenario where a user is experiencing slowness from the network. A network analyst could drill down into a TLS 1.3 packet to find out why the previous TCP segment was not captured.
My final thought for this lab is that TLS 1.2 or TLS 1.3 should be used. TLS 1.3 would be the most secure option. HTTPS should always be used instead of HTTP. Using secure protocols can prevent your information from being sent in cleartext. Using secure protocols would ensure that your information in transit would be encrypted.
Pluralsight course link: https://app.pluralsight.com/library/courses/wireshark-analyzing-network-protocols
Thank you for visiting my blog!