What happens when a client connects?

  Рет қаралды 29,279

Chris Greer

Chris Greer

Күн бұрын

Пікірлер: 109
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Let's take a closer look at the client hello. Thanks for watching and please comment to let me know what you think of this content!
@colinrogers9927
@colinrogers9927 2 жыл бұрын
I think a deep dive would be great. I interview people quite often and most do not fully understand the steps to completing a TLS handshake. Everything from 'What are the 3 main things TLS/SSL provides?', to 'Walk me thru a TLS/SSL handshake in detail...', 'How does client authentication work?', or 'How does renegotiation work?' etc etc. Keep up the great work!
@mustafaabdelfattah2493
@mustafaabdelfattah2493 Жыл бұрын
Great vidio Mr. Chris for certificate initial analysis and view We would like to you to present more vidios regarding the certificate topic , as it not clear for most of specialists , and deals with certificate tasks or troubleshooting by dummy steps with shortage of knowledge and deep understand . It would be useful vidios if you continued to make vidios for wireshark certificate capture with common certificate issues to be diagnosed by the capture analysis Like , untrusted certificates or self signed , and missmatch of TLS version issue or application version issue ... etc
@anonymousperson45152
@anonymousperson45152 9 ай бұрын
My favourite guy on the internet. Thanks for amazing information as always.
@scottt2481
@scottt2481 2 жыл бұрын
Fascinating Chris. Thanks for putting in the heavy lifting to break down the technology into English. Loving the content my guy
@tomhekker
@tomhekker 2 жыл бұрын
Your videos are awesome. I am a 20 year network veteran but I keep learning new stuff from you, or nifty WireShark features. Keep the good content up man, love it!
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thank you for the comment tom!
@RolandKnall
@RolandKnall 2 жыл бұрын
As good as ever Chris! Looking forward to the next episodes
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thank you Roland! And a special shout-out to Sake for looking it over first to make sure I didn't say anything completely stupid. 😄
@pmaurin
@pmaurin 2 жыл бұрын
Awesome intro. Can’t wait for the explanation of the rest of the TLS handshake.
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thank you! I can’t wait to make it!
@venkatesh4760
@venkatesh4760 2 жыл бұрын
Thanks a lot Chris , I was actually working on enabling ssl on my pihole yesterday , this video helped me a lot in understanding the versions and ciphers. Thanks once again for this clear explanation.
@dark_hyrax5007
@dark_hyrax5007 2 жыл бұрын
What a coincidence lol. I was looking for a TLS video on your channel last night and then you posted this video this morning lol. Thanks!🤣
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Awesome! Thanks for the comment. I hope this video and the ones to follow help you to understand TLS!
@avinashshankarpalli2130
@avinashshankarpalli2130 2 жыл бұрын
Very crisp explanation 🙂
@x0rZ15t
@x0rZ15t 2 жыл бұрын
Thank you, Chris, awesome video as always! Can't wait for the next one!
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thank you for the comment!
@faran_siddiqui-d3t
@faran_siddiqui-d3t 2 жыл бұрын
Nice one Chris😄. Good luck for your BlackHat and Defcon session. I'll one day meet you there in few years!!!
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thanks Faran! For sure, hope to meet you in person one day.
@TheKb117
@TheKb117 2 жыл бұрын
came and subbed from your interview with David Bombal... great interview, btw.... Now, I gotta google TLS and how it relates to SSL :D
@BenOwen
@BenOwen 2 жыл бұрын
Thank you so much for the content you put out like this video. I eat up every video, the information is very helpful and the pace great as well. I'd love to keep hearing more about the TLS handshake but any videos with Wireshark in them are great too!
@ceciliaperez-benitoa26
@ceciliaperez-benitoa26 2 жыл бұрын
Thank you for your informative videos! My basic understanding of TLS is that it is used between endpoint and server to negotiate which encryption algorithm and data integrity to use. What is less clear is whether TLS is itself an encryption protocol? I often see sites refer to it as encryption protocol. CN you clarify. Thank you!
@Azy_Azhar
@Azy_Azhar Жыл бұрын
Thank you for the valuble updates,help me to refresh my mind.
@raymation3d
@raymation3d 2 жыл бұрын
Hello Chris all of your wireshark videos have been helpful!!
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thank you!
@sethbunce4690
@sethbunce4690 2 жыл бұрын
Very informative video. At one point you hinted that the ServerName might be encrypted in the future. I think that always has to be plaintext for middle-boxes (reverse proxies) which don't terminate TLS. High traffic reverse proxies avoid terminating TLS because it prevents the use of something like splice(2) in the linux kernel which allows piping data from one TCP connection to another without any of the data needing to be decoded in userspace (or decoded at all, other than the ClientHello).
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Hi Seth, totally agreed. But I think there will start to be instances where we see it encrypted in the near future. Here is one reference www.cloudflare.com/learning/ssl/what-is-encrypted-sni/
@sethbunce4690
@sethbunce4690 2 жыл бұрын
​@@ChrisGreer First I'd heard of ESNI and ECH. I found the draft RFC in the link you provided. (first impression) Looks like ECH is compatible with the middle-box scenario I outlined (which the RFC calls a split-mode topology). It's distributing a public key via DNS, and providing a fallback where a client can complete negotiation with a server to learn the ECH public key direct from the server (at the cost of an extra round trip). Looks like the middle-boxes performing ECH would need access to the ECH private key, but not the TLS private keys of the backends that terminate TLS. I also found RFC8744 which outlines "unanticipated use of SNI" in section 2.1 which provides the motivation for ECH. I didn't previously understand how SNI was being abused. The reason why Cloudflare is working on ESNI/ECH seems clear. datatracker.ietf.org/doc/rfc8744/ Thank you for sharing your knowledge. I just found your channel today and now I got some binge-watching to do. 🙂
@PKJamal-b5q
@PKJamal-b5q 8 ай бұрын
Thanks, I would love to see more on TSL handshake
@americansoil8260
@americansoil8260 Жыл бұрын
Thanks look forward to more videos on wireshark
@Joallyson
@Joallyson Жыл бұрын
Amazing content! I'd like to see some packet capture with tls handshake mismatching.
@ChrisGreer
@ChrisGreer Жыл бұрын
Great suggestion!
@juanrebella2589
@juanrebella2589 2 жыл бұрын
Thanks Chris! Appreciated. Juan.
@IK-iu4rz
@IK-iu4rz 8 ай бұрын
Hi Chris, Thank you so much for your time and effort. Great content as always .Could you do SSL offload on F5 and broken TLS
@tranxn7971
@tranxn7971 2 жыл бұрын
Thanks a lot Chris, really good video as usual. I did not know about the "supported version" extensions. It is a bit sad that they are planning to not have Server Name is plain text anymore. That field is really useful to know the name of a server (via HTTPS or RDP) when DNS do not have record of that server.
@ChrisGreer
@ChrisGreer 2 жыл бұрын
I agree! Too bad it probably won't be here forever. But hey, I will enjoy it while it lasts... www.cloudflare.com/learning/ssl/what-is-encrypted-sni/
@jpancrazio
@jpancrazio 2 жыл бұрын
As always, great job,, excellent instructing style !
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thank you!
@FelipeAugusto-xh8zc
@FelipeAugusto-xh8zc 2 жыл бұрын
Fantastic content as always Chris. Would be great to see some content on BGP too. :) Thanks for the hard work
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thanks for the suggestion!
@RolZuela
@RolZuela 2 жыл бұрын
Thank you as always!
@lamjeri
@lamjeri 2 жыл бұрын
Funny to hear that TLS standard is planning to make the SNI go away (maybe just encrypt it in the future?). About a month ago, I was solving an issue for a customer, which turned out to be an old browser without SNI support trying to contact an SNI only server. The SNI field (or the absence of it) was key to the discovery of that problem. Encryption of that field would make the diagnosis very difficult.
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Didn’t mean to be unclear… by “going away” I meant that there are efforts to encrypt it. ESNI - so yeah, not sure how widely it will be implemented, but one day we may not have it in the clear anymore…
@ChrisGreer
@ChrisGreer 2 жыл бұрын
www.cloudflare.com/learning/ssl/what-is-encrypted-sni/
@lamjeri
@lamjeri 2 жыл бұрын
@@ChrisGreer I guessed it would be encrypted rather than removed. It's kinda important nowadays ^_^
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Agreed! Which is why when it gets encrypted a very useful troubleshooting data point will be lost!
@SumanthLingappa
@SumanthLingappa 3 ай бұрын
Chris, as always awesome 😊. Where’s the next video of this? I’m not finding in your channel
@asamitsingh94
@asamitsingh94 2 жыл бұрын
Best explanation ever saw.. Thank you sir
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thank you! Please share with anyone you think could benefit.
@williambarrett7108
@williambarrett7108 2 жыл бұрын
I would absolutely like you to expound upon the versions tls starting with the acronym.
@arlemooldijk1595
@arlemooldijk1595 2 жыл бұрын
Very interesting video! Now it makes much more sense!👍
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Glad you think so!
@tg9460
@tg9460 2 жыл бұрын
You got my interest. Your explaination and pace is very refreshing. What do you recommend for beginners to learn wireshark? I am very interested in learning this technology.
@paddy7154
@paddy7154 2 жыл бұрын
The version incompabilty pcap would be nice too see :)
@DasEgooDuo
@DasEgooDuo 2 жыл бұрын
Thank you for the content. Im highly interested why they went for 1.2 cause of some middle boxes. Where does the infos come from that they have to go this version to not let the packets drop?
@ChrisGreer
@ChrisGreer 2 жыл бұрын
If they put TLS 1.3 immediately at the handshake layer, what would a middlebox do that is inspecting TLS? If it doesn't yet support 1.3, it will probably drop and reset the connection. I'm very sure a ton of research and testing went into that aspect. The same is true for TCP and other protocols. It is hard to migrate things to new features over boxes that don't yet support those features, all the while still supporting endpoints that have not migrated either.
@EduardKhiaev
@EduardKhiaev 2 жыл бұрын
Can we look inside a quic packet? Is there a way to see http2/3 in plain text without a proxy in the middle?
@ChrisGreer
@ChrisGreer 2 жыл бұрын
kzbin.info/www/bejne/h4O1eXSVas2GaMU I did a video on how to capture the TLS 1.3 keys on the client side. I include the pcap and keylog in the video so you can follow along.
@jjames7206
@jjames7206 2 жыл бұрын
Great topic!! Chris, Great!
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Glad you enjoyed it!
@TheChinobi23
@TheChinobi23 2 жыл бұрын
Amazing content
@polhokustaa4989
@polhokustaa4989 3 ай бұрын
I would be interested to know how I could measure round trip times vs. application processing time of a web server. This would be very useful to identify if the slowness is caused by the network (round trip time) or by the application.
@kkb8510
@kkb8510 2 жыл бұрын
Hey Chris please do a video as you mentioned about broken tls conversations.
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thanks for the feedback!
@u2gotcha
@u2gotcha 2 жыл бұрын
Thanks Chris, what will be best way to decrypt SSL communication in the server side with tshark
@ChrisGreer
@ChrisGreer 2 жыл бұрын
At that point, the only way I have seen it done is with a TLS proxy. But I am sure if you Google hard enough you will find others…here is an example. www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/m-ssl-proxy.pdf
@eregaifredrick77
@eregaifredrick77 2 жыл бұрын
Hey chris, can i use wireshark when deploying openstack services
@TheBoyNamedR
@TheBoyNamedR 2 жыл бұрын
I'm at the beginning of my IT journey. Currently Helpdesk, looking to move to Networking, then maybe SOC. Is this covered in any certification or is this on the job/experience learning?
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Yeah there are several certs in the industry where having a good sense of packet analysis and protocols will help. CCNA, Net+, even Sec+ just to name a few
@praveenas1389
@praveenas1389 2 жыл бұрын
@chris geat video!!! A question..Out of curiosity.. is it possible that there could be a case where client's cipher suite doesn't match with the server ? In that case, will it be like client will not be able to access that server at all ?
@ChrisGreer
@ChrisGreer 2 жыл бұрын
That is correct, the server should return an error and the handshake will fail if there is a cipher mismatch. I am looking for a pcap to demo that - it would make a nice video!
@praveenas1389
@praveenas1389 2 жыл бұрын
Thank you so much!!! You are the best!!!
@jackbloem3437
@jackbloem3437 2 жыл бұрын
Love your videos
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thanks!
@majiddehbi9186
@majiddehbi9186 2 жыл бұрын
as alwasy clear precise, perfect my respect chris and good bless u, you make me less stupid at every video u made God bless u
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thank you!
@uzumakiuchiha7678
@uzumakiuchiha7678 2 жыл бұрын
Thanks
@joerockhead7246
@joerockhead7246 2 жыл бұрын
Chris, Great video. I recently came across a TLS issue where the client sent the hello and never received the server hello back. There was some confusion to the Record version vs the Handshake protocol version. Thanks for clarification.
@arlemooldijk1595
@arlemooldijk1595 2 жыл бұрын
I ran into the same about a month or so ago, now that I saw this video I understand why there's TLS 1.0 in the first part and TLS 1.2 in the next. I think the issue is related to ciphers not being supported by the server because I also see no reponse from the server after the client hello. Hopefully Chris can confirm if that it is indeed expected behavior (or could be).
@neadlead2621
@neadlead2621 2 жыл бұрын
hello chris I really appreciate your work,thank you for sharing your knowledge I hope that u can answer my question ,in david's video where he explain tls we find that the client start with the change cipher spec but here we find that the server starts can you please explain why,hope you the best
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Typically, the client gives a list of supported ciphers, the server selects one, then in 1.3, changes cipher spec to start using it. After that the client does the same and we complete the handshake. Hope that helps
@neadlead2621
@neadlead2621 2 жыл бұрын
@@ChrisGreer thanks chris for the help
@upelister
@upelister 2 жыл бұрын
Great video thank you.🦈
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Glad you enjoyed it
@rajneeshrai1781
@rajneeshrai1781 2 жыл бұрын
You sniff my mind really wanted to learn about this #Chris #TLS
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Glad you like the content! I have been hoping to do this content for some time. It's gonna be fun to dig into.
@jfiffick
@jfiffick Жыл бұрын
When I type tcp contains wireshark or any other site, my display filter show red as its invalid.
@jfiffick
@jfiffick Жыл бұрын
Need to add quotes around the word your are searching for in new release of Wireshark. tcp contains "wireshark"
@aqeelkirmani7391
@aqeelkirmani7391 2 жыл бұрын
Why am I getting alert from client side TLS 1.3 - ALERT LEVEL - FATAL - DESCRIPTION PROTOCOL VERSION and then client sending a rst when I have the exact same client hello as in this video
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Could you share the pcap? packetpioneer (at) gmail.com
@76739
@76739 2 жыл бұрын
Thanks 👍
@ChrisGreer
@ChrisGreer 2 жыл бұрын
No problem 👍
@patrickborys3490
@patrickborys3490 2 жыл бұрын
Hi, I would like to see the corrupt version of a handshake ;) !!
@ChrisGreer
@ChrisGreer 2 жыл бұрын
For sure! I will make a video for that
@patrickborys3490
@patrickborys3490 2 жыл бұрын
@@ChrisGreer Cant wait :) ! Love your videos !! :)) Thanks for sharing your knowladge !
@dynamics9000
@dynamics9000 2 жыл бұрын
You always have an excuse that stops you from starting a business, Then you are the one to demolish the excuses and get started ! a fellow creator][][][
@ggutierrezdieck
@ggutierrezdieck 2 жыл бұрын
Hi Chris, great video, as always with all your videos. Thanks. I would be very interested in a video regarding issues with TLS version mismatch. I have a customer with an issue that seems related to this, but I cant figure it out so your video will be an awesome tool to try to understand. if you have some resources that could help it will be greatly appreciated.
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Ok Gerardo, thanks for the feedback!
@devanandjha5284
@devanandjha5284 2 жыл бұрын
Yes,we would like to see broken communication due to tls mismatch
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Thanks for the comment!
@bricianmcwilliams2839
@bricianmcwilliams2839 2 жыл бұрын
Broken TLS video, please! :)
@Naveenbabuborugadda
@Naveenbabuborugadda Жыл бұрын
Your eyes are green
@raya3068
@raya3068 Жыл бұрын
@tg9460
@tg9460 2 жыл бұрын
You got my interest. Your explaination and pace is very refreshing. What do you recommend for beginners to learn wireshark? I am very interested in learning this technology.
@ChrisGreer
@ChrisGreer 2 жыл бұрын
Look no further! kzbin.info/www/bejne/hYaQcmV7orulgbM this video on my channel is great for beginners to learn wireshark.
@jackbloem3437
@jackbloem3437 2 жыл бұрын
I know we need the theory but the practical stuff you teach is very interesting.
How TCP Works - Duplicate Acknowledgments
14:14
Chris Greer
Рет қаралды 51 М.
TLS Handshake - EVERYTHING that happens when you visit an HTTPS website
27:59
Practical Networking
Рет қаралды 134 М.
黑天使被操控了#short #angel #clown
00:40
Super Beauty team
Рет қаралды 61 МЛН
Try this prank with your friends 😂 @karina-kola
00:18
Andrey Grechka
Рет қаралды 9 МЛН
How QUIC Works - The Handshake
9:51
Chris Greer
Рет қаралды 22 М.
TLS Handshake Deep Dive and decryption with Wireshark
1:05:40
David Bombal
Рет қаралды 287 М.
Explaining TLS 1.3
18:00
F5 DevCentral
Рет қаралды 73 М.
Transport Layer Security (TLS) - Computerphile
15:33
Computerphile
Рет қаралды 489 М.
FIVE COMMON MISTAKES when using Wireshark
6:49
Chris Greer
Рет қаралды 29 М.
Troubleshoot TLS Handshake Failures using Wireshark
31:33
Plaintext Packets
Рет қаралды 31 М.
TLS Handshake Explained - Computerphile
16:59
Computerphile
Рет қаралды 571 М.
Breaking Down the TLS Handshake
12:29
F5 DevCentral
Рет қаралды 257 М.
Transport Layer Security, TLS 1.2 and 1.3 (Explained by Example)
24:20
Hussein Nasser
Рет қаралды 266 М.