{"id":26701644,"url":"https://github.com/compcode1/wireshark-https-analysis","last_synced_at":"2025-03-27T01:29:43.486Z","repository":{"id":284648805,"uuid":"955624085","full_name":"Compcode1/wireshark-https-analysis","owner":"Compcode1","description":"This project aimed to analyze an entire HTTPS session captured in Wireshark, starting from the DNS resolution to the full TCP \u0026 TLS handshake, followed by encrypted data transmission and proper connection termination.","archived":false,"fork":false,"pushed_at":"2025-03-27T00:02:14.000Z","size":0,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-27T00:29:21.488Z","etag":null,"topics":["analysis","https","wireshark"],"latest_commit_sha":null,"homepage":"","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Compcode1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-26T23:51:30.000Z","updated_at":"2025-03-27T00:02:57.000Z","dependencies_parsed_at":"2025-03-27T00:40:44.078Z","dependency_job_id":null,"html_url":"https://github.com/Compcode1/wireshark-https-analysis","commit_stats":null,"previous_names":["compcode1/wireshark-https-analysis"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fwireshark-https-analysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fwireshark-https-analysis/tags","releases_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/Compcode1%2Fwireshark-https-analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Compcode1%2Fwireshark-https-analysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Compcode1","download_url":"https://codeload.github.com/Compcode1/wireshark-https-analysis/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245764314,"owners_count":20668384,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","https","wireshark"],"created_at":"2025-03-27T01:29:43.043Z","updated_at":"2025-03-27T01:29:43.475Z","avatar_url":"https://github.com/Compcode1.png","language":"Jupyter Notebook","readme":"Final Summary: HTTPS Traffic Analysis with Wireshark\n🚀 Objective\nThis project aimed to analyze an entire HTTPS session captured in Wireshark, starting from the DNS resolution to the full TCP \u0026 TLS handshake, followed by encrypted data transmission and proper connection termination.\n\nThroughout this project, we meticulously tracked the flow of events to understand the precise order in which they occur. 
This method ensures that future Wireshark analyses will be structured, efficient, and meaningful.\n\n📌 Step-by-Step Flow of Events\nWe followed the logical sequence of a web request using HTTPS, breaking down each critical phase:\n\n1️⃣ DNS Resolution (Converting Domain to IP)\nThe client queried a DNS server to resolve the website name (weightlifting.com) into an IP address.\n\nThis lookup has to finish before the client can open a TCP connection to the server, unless the answer is already cached locally. Plain DNS over UDP/53 is unencrypted, so the queried name is visible in the capture even though the HTTPS payload that follows is not.\n\n2️⃣ TCP Handshake (Establishing a Connection)\nA three-way handshake was performed between the client (192.168.1.185) and the web server (199.59.243.228) on port 443 (HTTPS).\n\nThis process included:\n\nSYN → SYN-ACK → ACK\n\nA bidirectional connection was successfully established. In Wireshark, Follow TCP Stream or a tcp.stream display filter isolates this single connection from the rest of the capture.\n\n3️⃣ TLS Handshake (Establishing Secure Communication)\nClient Hello: The client proposed supported TLS versions, cipher suites, and extensions (for TLS 1.3 the important ones are supported_versions, key_share and server_name). Because TLS 1.3 is negotiated through the supported_versions extension, the Record Layer version field still reads TLS 1.2 (0x0303); Wireshark's Protocol column shows TLSv1.3 once it sees that extension.\n\nServer Hello: The server selected TLS 1.3, a cipher suite (AES-GCM-SHA256), and a key exchange group (X25519).\n\nKey Exchange: The client's key_share in the Client Hello and the server's key_share in the Server Hello are ephemeral X25519 public keys; each side combines its own private key with the peer's public key (Diffie-Hellman key agreement) to derive the same shared secret. No secret is ever encrypted with a public key, unlike TLS 1.2 RSA key exchange, which is what gives TLS 1.3 forward secrecy.\n\nFinished Message: Everything after the Server Hello (Encrypted Extensions, Certificate, Certificate Verify, Finished) is already encrypted under handshake keys, so without session keys Wireshark shows those records as Application Data. The Finished messages authenticate the whole handshake transcript; after them both sides switch to the application traffic keys, which protect all subsequent data with the negotiated symmetric cipher.\n\n4️⃣ Encrypted HTTPS Data Transmission\nOnce the TLS handshake was complete, actual HTTP data was exchanged, but it was fully encrypted within TLS packets.\n\nThese packets were identified as Application Data (record content type 23) inside TLS 1.3 Record Layers. Only record sizes, direction and timing are visible; the HTTP method, URL, headers and body are not.\n\n5️⃣ Connection Termination (Graceful TCP Shutdown)\nThe server initiated the FIN-ACK to begin closing the connection.\n\nThe client acknowledged the request and responded with its own FIN-ACK.\n\nThe server then confirmed closure with a final ACK, completing the four-way close (one FIN from each side, each acknowledged by the peer) and marking the official end of communication. An RST in place of this exchange would indicate an abortive close rather than a graceful one.\n\n🔑 Key Takeaways\n✅ Flow Matters: Every network connection follows an orderly, structured process. 
Understanding this sequence allows accurate troubleshooting in Wireshark.\n✅ Security Layers: TLS encryption secures HTTPS traffic, keeping the payload confidential and integrity-protected (tampering is detected by the AEAD authentication tag, not prevented). Metadata is still exposed: the DNS query, the server IP and port, the server name in the Client Hello (unless Encrypted Client Hello is used), record sizes and timing.\n✅ Efficient Analysis: Recognizing Client Hello, Server Hello, Encrypted Data, and TCP FIN packets is crucial for evaluating secure web communications. Useful display filters: tls.handshake.type == 1 (Client Hello), tls.handshake.type == 2 (Server Hello), tls.record.content_type == 23 (Application Data), tcp.flags.fin == 1 (FIN segments).\n✅ Real-World Relevance: This project reflects real-world security analysis, applicable to network security monitoring, intrusion detection, and compliance audits.\n\n🚀 Next Steps\nThis project provided a strong foundation in analyzing HTTPS traffic. Moving forward, we could explore:\n\nDecrypting HTTPS traffic with session keys (if available), for example by pointing a browser at an SSLKEYLOGFILE and loading that file under Wireshark's TLS protocol preferences ((Pre)-Master-Secret log filename).\n\nComparing TLS 1.3 vs. TLS 1.2 behaviors in Wireshark (in TLS 1.2 the server Certificate and Server Key Exchange messages are visible in cleartext; in TLS 1.3 they are encrypted).\n\nIdentifying anomalies in encrypted web traffic (e.g., malicious activity, certificate mismatches, unexpected cipher suites or downgraded protocol versions).\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcompcode1%2Fwireshark-https-analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcompcode1%2Fwireshark-https-analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcompcode1%2Fwireshark-https-analysis/lists"}
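The TCP side of the README's steps 2 and 5 (three-way handshake, then a graceful FIN exchange in which the server closes first) can be checked mechanically from the flag sequence of a conversation. The following is an added example, not code from the project: it walks a constructed list of (direction, flags) pairs, confirms the SYN / SYN-ACK / ACK order, and distinguishes a graceful four-way close from an abortive RST and from a refused connection. The flag sequences are constructed to mirror the README's description; they are not taken from the capture.

```python
"""Track the TCP lifecycle of one conversation from its flag sequence: three-way handshake,
then graceful four-way close versus abortive RST. Sequences below are constructed."""

THREE_WAY = ["SYN", "SYN-ACK", "ACK"]


def tcp_lifecycle(packets):
    """packets: iterable of (direction, set_of_flags); direction is 'C>S' (client to server) or 'S>C'."""
    events, fins, initiator = [], set(), None
    for direction, flags in packets:
        if flags == {"SYN"} and direction == "C>S" and not events:
            events.append("SYN")
        elif flags == {"SYN", "ACK"} and direction == "S>C" and events == ["SYN"]:
            events.append("SYN-ACK")
        elif "ACK" in flags and direction == "C>S" and events == ["SYN", "SYN-ACK"]:
            events.append("ACK")
        if "RST" in flags:                 # abortive close: no FIN exchange, the peer just drops the connection
            return {"handshake": events == THREE_WAY, "close": "abortive (RST)", "close_initiator": direction}
        if "FIN" in flags:                 # each side sends exactly one FIN; the peer acknowledges it
            initiator = initiator or direction
            fins.add(direction)
    close = "graceful (FIN from both sides)" if fins == {"C>S", "S>C"} else ("half-closed" if fins else "open")
    return {"handshake": events == THREE_WAY, "close": close, "close_initiator": initiator}


# Constructed sequence matching the README's flow: server sends FIN-ACK first, client answers with its own.
GRACEFUL = [("C>S", {"SYN"}), ("S>C", {"SYN", "ACK"}), ("C>S", {"ACK"}),
            ("C>S", {"PSH", "ACK"}), ("S>C", {"PSH", "ACK"}),        # TLS handshake and encrypted data
            ("S>C", {"FIN", "ACK"}), ("C>S", {"FIN", "ACK"}), ("S>C", {"ACK"})]
# Same connection torn down by a reset instead (e.g. a middlebox or an application crash).
ABORTIVE = GRACEFUL[:5] + [("S>C", {"RST", "ACK"})]
# Handshake never completes: the SYN is answered with RST (closed port).
REFUSED = [("C>S", {"SYN"}), ("S>C", {"RST", "ACK"})]

if __name__ == "__main__":
    for name, seq in (("graceful", GRACEFUL), ("abortive", ABORTIVE), ("refused", REFUSED)):
        print(name, tcp_lifecycle(seq))
```

The same three outcomes map onto Wireshark filters: a completed handshake followed by tcp.flags.fin == 1 from both endpoints is the graceful case, while tcp.flags.reset == 1 marks the abortive and refused cases.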
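Steps 3 and 4 of the README (Client Hello, Server Hello, then Application Data) are all carried in TLS records with a 5-byte header, and the fields Wireshark highlights (negotiated version, cipher suite, X25519 key share, server name) sit in the hello messages and their extensions. The example below is added here and is not the project's code: it builds a constructed Client Hello and Server Hello with the standard library, wraps them in records, and parses them back the way Wireshark's TLS pane presents them, then labels the following encrypted record as Application Data. The cipher suite id 0x1301 (TLS_AES_128_GCM_SHA256), the extension contents and the record sizes are assumptions; the README only states AES-GCM-SHA256 and X25519, and the key shares here are dummy zero bytes.

```python
"""Parse TLS records of a TLS 1.3 hello exchange (Client Hello, Server Hello, Application Data)
with the standard library only. The hello messages below are constructed, not taken from a capture."""
import struct

HANDSHAKE, APPLICATION_DATA = 22, 23                     # TLS record content types
CLIENT_HELLO, SERVER_HELLO = 1, 2                        # handshake message types
EXT_SERVER_NAME, EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 0, 43, 51
VERSIONS = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
          0xC02F: "ECDHE-RSA-AES128-GCM-SHA256"}
GROUPS = {0x001D: "x25519", 0x0017: "secp256r1"}

def _ext(etype, data):
    return struct.pack("!HH", etype, len(data)) + data

def build_client_hello(sni, versions, suites, groups):
    """Constructed ClientHello (no record header); key shares are 32 dummy zero bytes."""
    name = sni.encode()
    sni_ext = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ver_ext = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    shares = b"".join(struct.pack("!HH", g, 32) + bytes(32) for g in groups)
    exts = (_ext(EXT_SERVER_NAME, sni_ext) + _ext(EXT_SUPPORTED_VERSIONS, ver_ext)
            + _ext(EXT_KEY_SHARE, struct.pack("!H", len(shares)) + shares))
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"        # legacy_version, random, empty session id
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00"        # cipher suites, null compression
            + struct.pack("!H", len(exts)) + exts)
    return bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body

def build_server_hello(version, suite, group):
    """Constructed ServerHello; the chosen version sits in supported_versions, legacy_version stays 0x0303."""
    exts = (_ext(EXT_SUPPORTED_VERSIONS, struct.pack("!H", version))
            + _ext(EXT_KEY_SHARE, struct.pack("!HH", group, 32) + bytes(32)))
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
            + struct.pack("!H", len(exts)) + exts)
    return bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body

def record(ctype, payload):
    """TLS record header: the version field reads 0x0303 (TLS 1.2) even on a TLS 1.3 connection."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def parse_extensions(data):
    total, = struct.unpack("!H", data[:2])
    exts, off = {}, 2
    while off < 2 + total:
        etype, elen = struct.unpack("!HH", data[off:off + 4])
        exts[etype] = data[off + 4:off + 4 + elen]
        off += 4 + elen
    return exts

def parse_hello(msg):
    """Summarise a ClientHello/ServerHello the way Wireshark's TLS pane shows it."""
    htype, body = msg[0], msg[4:4 + int.from_bytes(msg[1:4], "big")]
    off = 2 + 32 + 1 + body[34]                          # skip legacy_version, random, legacy_session_id
    info = {"type": "Client Hello" if htype == CLIENT_HELLO else "Server Hello"}
    if htype == CLIENT_HELLO:
        n, = struct.unpack("!H", body[off:off + 2]); off += 2
        info["cipher_suites"] = [SUITES.get(s, hex(s)) for s, in struct.iter_unpack("!H", body[off:off + n])]
        off += n + 1 + body[off + n]                     # skip suites and compression methods
    else:
        suite, = struct.unpack("!H", body[off:off + 2]); off += 3   # cipher_suite + compression byte
        info["cipher_suite"] = SUITES.get(suite, hex(suite))
    exts = parse_extensions(body[off:])
    if EXT_SERVER_NAME in exts:                          # SNI is cleartext unless Encrypted Client Hello is used
        e = exts[EXT_SERVER_NAME]
        info["sni"] = e[5:5 + struct.unpack("!H", e[3:5])[0]].decode()
    if EXT_SUPPORTED_VERSIONS in exts:                   # client: 1-byte length + list; server: one version
        e = exts[EXT_SUPPORTED_VERSIONS]
        vers = e[1:] if htype == CLIENT_HELLO else e
        info["versions"] = [VERSIONS.get(v, hex(v)) for v, in struct.iter_unpack("!H", vers)]
    if EXT_KEY_SHARE in exts:                            # client: 2-byte length + entries; server: one entry
        e = exts[EXT_KEY_SHARE][2:] if htype == CLIENT_HELLO else exts[EXT_KEY_SHARE]
        groups, off = [], 0
        while off < len(e):
            g, klen = struct.unpack("!HH", e[off:off + 4])
            groups.append(GROUPS.get(g, hex(g))); off += 4 + klen
        info["key_share"] = groups
    return info

def classify_records(data):
    """Split one TCP payload into TLS records and label them as the analysis did."""
    out, off = [], 0
    while off < len(data):
        ctype, _ver, length = struct.unpack("!BHH", data[off:off + 5])
        payload = data[off + 5:off + 5 + length]
        if ctype == HANDSHAKE and payload[0] in (CLIENT_HELLO, SERVER_HELLO):
            out.append(parse_hello(payload))
        else:   # after ServerHello, TLS 1.3 wraps everything (rest of handshake and HTTP) as Application Data
            out.append({"type": "Application Data" if ctype == APPLICATION_DATA else f"type {ctype}", "len": length})
        off += 5 + length
    return out

# Constructed client and server flights; suite 0x1301 and the 900-byte size are assumptions.
CLIENT_FLIGHT = record(HANDSHAKE, build_client_hello("weightlifting.com", [0x0304, 0x0303],
                                                      [0x1301, 0x1302, 0xC02F], [0x001D]))
SERVER_FLIGHT = (record(HANDSHAKE, build_server_hello(0x0304, 0x1301, 0x001D))
                 + record(APPLICATION_DATA, bytes(900)))   # encrypted Certificate ... Finished

if __name__ == "__main__":
    for rec in classify_records(CLIENT_FLIGHT) + classify_records(SERVER_FLIGHT):
        print(rec)
```

Two details in the parser are the ones that trip people up in Wireshark: the record header and legacy_version fields both say TLS 1.2 on a TLS 1.3 connection, so the real version has to come from supported_versions, and the server's encrypted handshake flight after the Server Hello is indistinguishable from HTTP data at the record layer unless the session keys are available.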