Let's FIX a BROKEN TLS Handshake // with Wireshark
HTML-код
- Опубликовано: 28 май 2024
- A client reached out and said that some clients were able to connect to a secure application and others were not. Let's peek at the handshake and see what happened. (pcap used with permission)
Got questions? Let's get in touch.
LinkedIn: / cgreer
RUclips: / chrisgreer
Twitter: / packetpioneer
== More On-Demand Training from Chris ==
▶Getting Started with Wireshark - bit.ly/udemywireshark
▶Getting Started with Nmap - bit.ly/udemynmap
== Live Wireshark Training ==
▶TCP/IP Deep Dive Analysis with Wireshark - bit.ly/virtualwireshark
== Private Wireshark Training ==
Let's get in touch - packetpioneer.com/product/pri...
//TLS Course from Practical Networking//
Want to go deeper into TLS? Check out my buddy Ed's course:
classes.pracnet.net/courses/p...
Links above contain affiliate links where I will receive a small amount for any goods purchased. I thank you for clicking because it really helps to support me!!
0:00 Intro
0:28 TLS Client Hello
1:36 Fatal TCP Error
2:04 TLS Protocol Versions
2:46 Why TLS 1.0?
3:37 Conclusion - Наука
You sir are a godsend. Thank you. I'm a network engineer switching to security. My first view of Wireshark left me in shock. Your videos are helping me to get a better picture. Less shock now. Thanks!
This was good stuff. You should do one on IKEv1 vs IKEv2, and Ike with NAT-T with asynchronous agreement.
Oh nice suggestion. hey if I can find the pcaps, I'll do it! Any you got? 🙃
Thanks to watching this I managed to spot a TLS problem saving me hours, mine was a "Fatal Handshake Failure", Many thanks Chris keep up the excellent work :)
Excellent Video. These real world examples are very valuable. Thank you so much. Do you have or plan to make any content on wireless Troubleshooting?
Thanks Vyas. I don't have any plans for wireless analysis. It's not really in my wheelhouse.
Nicely done.
Chris you show as what universities didn’t teach before thank you very much legend
Thanks for watching!
awesome stuff as always chris
when it comes to learning about wireshark and packet analysis you're the go to guy
keep up the good work and keep em coming
Thank you for the comment!
Excellent
can you make videos on DNS traffic analysis ?
Thank you for good information at evening time
Thanks!
Hey Chris, awesome work. Can you show us the DTLS?
great stuff!
I see this happen all the time in Direct Routing scenarios. The TLS 1.0 if I recall is actually deprecated and the new protocol is TLS 1.2 or higher. Once the customer updates TLS PSTN calls works. Thanks Chris amazing as always.
Thanks for the comment Peter!
Excellent
great video, i ran into a similar problem at work, customer was blaming our application it turned out to be a bug in fortigate web filter
Nice find! These ones are fun to tshoot.
Great, hope more is coming 😀
There is! Always more packets to analyze.
u r awesome... as alwayz ...
thanks for sharing this...
Thanks for the comment!
Hey Chris, love your videos. Can you make a video about the tcpdump, tshark etc. I saw your talk on David's channel and you mentioned ring buffers and rotating pcaps. Would be great if you could discuss the same.
ruclips.net/video/DAtyzE1TUlI/видео.html -- got you covered. 🙂
@@ChrisGreer Thanks for the prompt response. Do you also have video for tcpdump (with parameters like snap length etc).
@UCIw2fWJDqpn5HsRemCAPOY%F0%9F%91%8DA I don't, not yet... but the ring buffer is demonstrated in that video. I will have to do another one for tcpdump. Thanks for the suggestion.
Nice and short 🔥
Thanks for stopping by Faran!
I have a question. I’m having similar issues but I’m not seeing that handshake start. I see a bunch of TCP traffic but no client hello or sever hello.
Hey Chris, I just stumbled upon your youtube page and wish I had this years ago when I was learning all this stuff, hah! I am currently working on a research project involving TLS and would love to ask you a rather specific question. Would your business email be okay to reach you at? Thank you for everything you're doing here and keep up the amazing quality of videos!
Hey Roy - Sure no problem, you can hit me up on the email in the description. Looking forward to chatting.
I’m guessing that a TLS update via the browser on the client is what was needed to fix this problem?
Just consistently excellent content as usual from Chris.
Thanks for the comment Alan! The vendor had to get into the guts of the api and update it to a modern TLS implementation. Usually by that time I am hands-off (thankfully!)
can you do some videos about ssh issues
Good work. I noticed when i see your videos i feel like i know everything but when i'm working with Client my head start spinning. I think i need to spend some time to get confidence.
One i think i can say for sure. Since I've subscribed your channel and trying to keep up with every new video you upload here my knowledge of Wireshark has been increased and all credits goes to you!!!
Recently i took one your course "Foundational TCP Analysis with Wireshark" at Pluralsight. AMAZING WORK!!!
Thanks Chris. You are the BEST!!!
I totally understand that - I feel that way too when I am working with my clients sometimes. Just stick to the fundamentals, learn them well. That will always help you!
Starting form 2:25 you selected 'Version : TLS 1.0', however there is another 'Version : TLS 1.0' below, is there any difference between them? or they are saying the same thing?
Basically they are saying the same thing.
In tls v 1.3 u can't inspect much data using Wireshark
Past the first two packets of handshake, the conversation is completely encrypted in TLS 1.3. You'd have to decrypt it like I show in other videos on my channel.
who is using tls1.0 its obsoleted ages ago. ?
This was from an IoT device that wasn't connecting properly. Everything I thought I could forget is new again with IoT. 😉
@@ChrisGreer Agree 👍