CN - 302

Lab 5 Report
Prepared By :- 191CS140 && 191CS152

1) Develop a code to illustrate a secure socket connection between client and server.
We will write a program where not only the client verifies the
server’s certificate, the server verifies the client too.

The SSL server program creates a server socket and listens on

port 8082 on localhost.

The SSLSocket is supplied with the CA Certificate, the certificate of

the server and the corresponding private key.

A call to the getpeercert() on the connection(ie., the SSLSocket

instance) gets the certificate of the client/server depending on if
you are server/client.

If there is no certificate, we notify that it’s a bad connection and

break out from the connection

We'll create Self-signed server and client certificates through

openssl. Normally you’d use a server certificate from a Certificate
Authority such as Let’s Encrypt, and would setup your own
Certificate Authority so you can sign and revoke client certificates
Once the client and server connection is established, we can send
and receive data.

Program Outputs:

Full Program :

Server:

import socket

from socket import AF_INET, SOCK_STREAM, SO_REUSEADDR, SOL_SOCKET,

SHUT_RDWR

import ssl

listen_addr = '127.0.0.1'

listen_port = 8082

server_cert = 'server.crt'

server_key = 'server.key'

2
client_certs = 'client.crt'

context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)

context.verify_mode = ssl.CERT_REQUIRED

context.load_cert_chain(certfile=server_cert, keyfile=server_key)

context.load_verify_locations(cafile=client_certs)

bindsocket = socket.socket()

bindsocket.bind((listen_addr, listen_port))

bindsocket.listen(5)

while True:

print("Waiting for client")

newsocket, fromaddr = bindsocket.accept()

print("Client connected: {}:{}".format(fromaddr[0], fromaddr[1]))

conn = context.wrap_socket(newsocket, server_side=True)

try:

print("SSL established. Peer: {}".format(conn.getpeercert()))

except:

print("Bad Connection!! Disconnecting...")

conn.close()

break

buf = b'' # Buffer to hold received client data

try:

while True:

data = conn.recv(4096)

3
 if data:

# Client sent us data. Append to buffer

buf += data

else:

# No more data from client. Show buffer and close

connection.

print("Received:", buf)

break

finally:

print("Closing connection")

conn.close()

break

Client:

import socket

import ssl

host_addr = '127.0.0.1'

host_port = 8082

server_sni_hostname = 'example.com'

server_cert = 'server.crt'

client_cert = 'client.crt'

client_key = 'client.key'

4
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
cafile=server_cert)

context.load_cert_chain(certfile=client_cert, keyfile=client_key)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

conn = context.wrap_socket(s, server_side=False,

server_hostname=server_sni_hostname)

conn.connect((host_addr, host_port))

try:

print("SSL established. Peer: {}".format(conn.getpeercert()))

except:

print("Bad Connection!! Disconnecting...")

conn.close()

print("Sending: 'Hello, world!")

conn.send(b"Hello, world!")

print("Closing connection")

conn.close()

2) Capture TCP Packets and:

a. Analyse the three-way handshake during the establishment of the
communication.
b. Identify if there are any retransmitted segments.

5
 a) A TCP three-way handshake consists of three transmissions:
1) One packet from client to server (SYN), telling the server
that the client wishes to connect to the server, and start
segments with a particular sequence number.
2) A packet from server back to the client, where the server
acknowledges the client’s connection request (ACK), and also
sends the segment number from which it wishes to start
sending segments to the client.
3) A packet from client to server, (once the packet from the
previous step reaches the client), acknowledging the
previous packet, so that data transfer can now begin
between the client and server.
The steps followed to capture TCP packets for the host
“google.com” are as follows:
1) Start a wireshark capture.
2) Type in the command “telnet www.google.com 80” in the
command prompt, to establish a connection with google.com
at port 80.

Then close the command prompt to close the connection

with google.com .
3) Stop the wireshark capture, and in the filter field, enter the
filter “tcp.port==80” to filter out the TCP packets that use port

6
 80, which in this case, includes the packets used in the tcp
handshake between my computer, and the “google.com” host.

The first packet here is related to the TCP SYN traffic, i.e, the first
part of the handshake, sent by client to server.
The different fields here are:
1) Ethernet 2:

Here, source is the MAC address of my PC, and destination is

the MAC address of the default gateway (router, since the
client host(my PC) doesn’t know the MAC address of the
google.com host).
2) IPv6:

Here, the source is the IP address of the client (my PC), and
destination is the IP of one of Google’s web servers.
3) TCP:

7
 Here, source port is 64188, a port selected dynamically for
the request. The destination port is 80, the port used by
HTTP. Notice that the SYN flag has been set in this request.
Also, the sequence number in this packet has been set to
1453795011.

The second packet is related to TCP SYN, ACK traffic. This is sent
by server to client, in which the server acknowledges the first
packet sent by the client, and hence the flag “ACK”. The packets
here are as follows:

8
 1) Ethernet 2:

Here, source is the MAC address of the default gateway, and

the destination is the MAC address of the client (my PC).
2) IPv6:

Here, the source address is the IP address of the Google

server mentioned above, and the destination address is the
IP address of the client (my PC).
3) TCP:

9
 Here, the source port is 80, and destination port is 64188 (the
port used to send the packet in the earlier transmission).
Clearly, the ACK and SYN flags have been set here, as the
bits for those two flags are on. Here, the sequence number is
set to 1015509254, and the acknowledgement number is set to
1453795012, one more than the sequence number of the
previous packet.

The third packet is sent by the client to server, acknowledging the

previous packet sent by server to client, thus completing the three
way handshake, and allowing the actual data transfer to begin. An
analysis of this packet is as follows:
1) Ethernet 2:

Here, source is the MAC address of the client (my PC), and
the destination is the MAC address of the default gateway
(router).

10
 2) IPv6:

Here, source is the IP address of the client (my PC), and the
destination is the IP address of the Google server from the
above packets.
3) TCP:

11
 Here, the source port is 64188, the same dynamic port used
in the previous packets, and the destination port is port 80,
the HTTP port. Also note that the ACK flag has been set to
true here, and acknowledgement number is 1015509255, one
more than the sequence number in the previous packet.
Also, the sequence number is 1453795012.

b) Although the previous exercise didn’t involve any retransmitted

packets, using the filter “tcp.analysis.retransmission” in wireshark
gave a few retransmitted packets:

The IP 20.189.173.5 is one of the IP addresses used by Microsoft.

As visible, the last two packets are retransmitted packets from
port 59810 (dynamically assigned port), to port 443 (HTTPS port).

12