TLS Packet Analysis

Reference: Wikipedia: Transport Layer Security; RFC 5246. Previously, we looked at the TCP 3-way handshake. In this post, we will examine TLS communication. Since many blogs have already covered the basics of TLS, I will write this for personal study, comparing it with the RFC documentation. In the next post, I will cover decrypting the encrypted application layer data. Remember, TLS is also a stateful, connection-oriented protocol. ...

June 24, 2022

TCP, IP Packet Analysis with Wireshark

Packet Analysis Goals: View IP packet header; View TCP packet header; See 3-way handshake. Reference Page: https://support.microsoft.com/en-us/topic/how-to-use-tracert-to-troubleshoot-tcp-ip-problems-in-windows-e643d72b-2f4f-cdd6-09a0-fd2989c7ca8e Filtering for Clarity: First, find the part where the 3-way handshake is done with TCP… (I found the [SYN] part by eye). Filter by IP and port. IP: Filter packets by sender and receiver to the target host. TCP: Set the sending and receiving ports to the client port. You can see only the communication between a specific client and server on localhost. ...

June 22, 2022

About TCP Server Port Numbers - Two Sockets Can Have the Same Port Number

All sockets connected to the client have the same port number as the server socket! Misconception: What I am going to talk about today was quite shocking to me. I used to think that sockets are determined by port numbers. For example, if you have port number 80, there is only one socket for that port. So, when a TCP server establishes a connection with a client, a new client socket is created for each client. I thought that the port numbers of those client sockets would all be different. And theoretically, if resources are sufficient, since 4 bytes are allocated for the socket number, you can create up to 2^16 sockets. ...

May 30, 2021