Python for Network Engineers

Explaining how TLS/SSL and certificates work

By George El. • February 2019 • Reading time: 9 minutes

In this post I will explain the basics of TLS, because there is a lot of misinformation on the internet, and on YouTube especially. Then I will analyze a TLS connection with Wireshark. Transport Layer Security is the successor of SSL and provides confidentiality, data integrity, and (mutual) authentication. TLS runs on top of TCP, and sits between the transport layer and the application layer.

How to Find Syn Packets without Syn Ack

By George El. • February 2019 • Reading time: 1 minute

This post is based on a question on wireshark.org and all credit goes there to Kurt Knochner. I just thought it would be nice to test it. So I launched Wireshark and I tried to connect to 8.8.8.8 port 80, which I know won’t reply. If you use as display filter “tcp.

How to Decrypt Https in Wireshark

By George El. • February 2019 • Reading time: 1 minute

In this post, I will show you how to decrypt an HTTPS session with Wireshark. These instructions will only work with Windows 10 and the Chrome or Firefox browser. First I am going to browse to udemy.com and get a capture with Wireshark. You see that Wireshark cannot see above the TCP layer because it is encrypted with TLSv1.

Analyzing an Ftp Connection With Wireshark

By George El. • February 2019 • Reading time: 3 minutes

In this post we will analyze an FTP connection with Wireshark. First we see that the client establishes a control connection to port 21 on the server. The server is the one with the public IP address. The RTT is the difference between SYN and SYN-ACK and is 0.0849. (In order to see the time or delta between displayed packets you have to go to View, Time Display Format, Seconds since previous displayed packet.)

Analyzing Wireshark Data with Pandas

By George El. • February 2019 • Reading time: 2 minutes

Pandas is a Python package that is used for data analysis. You can do with Pandas whatever you can do with Excel, but usually faster. First we will capture some packets from Wireshark. I let Wireshark run for a couple of minutes. Then I go to File, Export packet dissections, as CSV.

Analyzing Dhcp Process with Wireshark When There is Relay Agent

By George El. • February 2019 • Reading time: 2 minutes

In this post, I will analyze the DHCP process when the DHCP server is not on the local LAN, but on a remote LAN. As we saw in the previous posts, DHCP packets are sent as broadcasts. Broadcasts by default do not leave the local LAN. So what happens when you want to have a centralised DHCP server?

Analyzing Dhcp Process With Wireshark

By George El. • February 2019 • Reading time: 2 minutes

In this post, I will analyze the DHCP process using Wireshark. Before I begin, a few things to note. On Windows, if you do an ipconfig /release, the PC will not go through the entire DHCP process and most likely will send a request, requesting the same IP address. To force the whole process you have to do net stop dhcp.

Analyzing an Http Connection With Wireshark

By George El. • February 2019 • Reading time: 6 minutes

In this post we will use Wireshark to analyze an HTTP connection, where a client requests a single webpage from a server. Here is the output of the capture. You can right-click and open it in a new tab to see the full-size image. If you want to download the pcap file, click here