Professional Documents
Culture Documents
Lab 5 Report: 1) Dev Ac o Lta Se Sot Nen Ew Li N Er
Lab 5 Report: 1) Dev Ac o Lta Se Sot Nen Ew Li N Er
Lab 5 Report
Prepared By :- 191CS140 && 191CS152
1) Develop a code to illustrate a secure socket connection between client and server.
We will write a program where not only the client verifies the
server’s certificate, the server verifies the client too.
Program Outputs:
Full Program :
Server:
import socket
import ssl
listen_addr = '127.0.0.1'
listen_port = 8082
server_cert = 'server.crt'
server_key = 'server.key'
2
client_certs = 'client.crt'
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.verify_mode = ssl.CERT_REQUIRED
context.load_cert_chain(certfile=server_cert, keyfile=server_key)
context.load_verify_locations(cafile=client_certs)
bindsocket = socket.socket()
bindsocket.bind((listen_addr, listen_port))
bindsocket.listen(5)
while True:
try:
except:
conn.close()
break
try:
while True:
data = conn.recv(4096)
3
if data:
buf += data
else:
print("Received:", buf)
break
finally:
print("Closing connection")
conn.close()
break
Client:
import socket
import ssl
host_addr = '127.0.0.1'
host_port = 8082
server_sni_hostname = 'example.com'
server_cert = 'server.crt'
client_cert = 'client.crt'
client_key = 'client.key'
4
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
cafile=server_cert)
context.load_cert_chain(certfile=client_cert, keyfile=client_key)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn.connect((host_addr, host_port))
try:
except:
conn.close()
conn.send(b"Hello, world!")
print("Closing connection")
conn.close()
5
a) A TCP three-way handshake consists of three transmissions:
1) One packet from client to server (SYN), telling the server
that the client wishes to connect to the server, and start
segments with a particular sequence number.
2) A packet from server back to the client, where the server
acknowledges the client’s connection request (ACK), and also
sends the segment number from which it wishes to start
sending segments to the client.
3) A packet from client to server, (once the packet from the
previous step reaches the client), acknowledging the
previous packet, so that data transfer can now begin
between the client and server.
The steps followed to capture TCP packets for the host
“google.com” are as follows:
1) Start a wireshark capture.
2) Type in the command “telnet www.google.com 80” in the
command prompt, to establish a connection with google.com
at port 80.
6
80, which in this case, includes the packets used in the tcp
handshake between my computer, and the “google.com” host.
The first packet here is related to the TCP SYN traffic, i.e, the first
part of the handshake, sent by client to server.
The different fields here are:
1) Ethernet 2:
Here, the source is the IP address of the client (my PC), and
destination is the IP of one of Google’s web servers.
3) TCP:
7
Here, source port is 64188, a port selected dynamically for
the request. The destination port is 80, the port used by
HTTP. Notice that the SYN flag has been set in this request.
Also, the sequence number in this packet has been set to
1453795011.
The second packet is related to TCP SYN, ACK traffic. This is sent
by server to client, in which the server acknowledges the first
packet sent by the client, and hence the flag “ACK”. The packets
here are as follows:
8
1) Ethernet 2:
9
Here, the source port is 80, and destination port is 64188 (the
port used to send the packet in the earlier transmission).
Clearly, the ACK and SYN flags have been set here, as the
bits for those two flags are on. Here, the sequence number is
set to 1015509254, and the acknowledgement number is set to
1453795012, one more than the sequence number of the
previous packet.
Here, source is the MAC address of the client (my PC), and
the destination is the MAC address of the default gateway
(router).
10
2) IPv6:
Here, source is the IP address of the client (my PC), and the
destination is the IP address of the Google server from the
above packets.
3) TCP:
11
Here, the source port is 64188, the same dynamic port used
in the previous packets, and the destination port is port 80,
the HTTP port. Also note that the ACK flag has been set to
true here, and acknowledgement number is 1015509255, one
more than the sequence number in the previous packet.
Also, the sequence number is 1453795012.
12