Encryption in Transit Lab

Open up and analyze http2.pcap

What is the hostname of the http server?

agoldstein-sw.dartmouth.edu

What is the IP address of the http server?

129.170.204.89

What TCP ports were used?

52413 and 443

What is the content of the web page?

<html>
<head><title>Dartmouth Development/Testing Web Server</title></head>
<body>
<div align="center">
<h1>Welcome to cobweb.dartmouth.edu</h1>
<p>This is Dartmouth's development/testing  web server.</p>
<p>Please check your URL to make sure you access the correct site for the web application you wish to use.</p>
<p>If you have questions, please contact <i>webmaster at dartmouth.edu</i></p>
</div>
</body>
</html>

Open and analyze https.pcap in Cloudshark

What is the hostname of the https server?

api.smoot-apple.com.akadns.net

What ports were used?

443 and 52419

• Validity dates?

2006-11-08 through 2021-11-07

• Certificate Authority (aka Issuer)?

Can you find details about the certificate?

The version, serial number, algorithm id, issuer, and validity are all details that are given for the certificate.

What is the content of the web page?

Since this is an https connection the contents of the webpage is encrypted. We can see the data coming from the application however it is encrypted and useless without an encryption key.

Open and analyze login.pcap in Cloudshark

What is the hostname of the http server?

tech.drupalmulti-dev.dartmouth.edu

What was the name and password used to submitted to the login form?

administrator

SuperS3cr3t