[cs615asa] HW4

Rozy Gupta rgupta11 at stevens.edu
Mon Mar 18 17:22:58 EDT 2019


For facebook.com, do we need to capture packets in facebook.txt only from the server or from both client and server?

Best,
Rozy

-----Original Message-----
From: cs615asa-bounces at lists.stevens.edu <cs615asa-bounces at lists.stevens.edu> On Behalf Of Jan Schaumann
Sent: Sunday, March 17, 2019 10:16 PM
To: cs615asa at lists.stevens.edu
Subject: Re: [cs615asa] HW4

Rozy Gupta <rgupta11 at stevens.edu> wrote:
> 
> Can somebody explain to me how exactly the following command works?
> 
> ( printf "GET / HTTP/1.1\r\nHost: www.yahoo.com\r\n\r\n"; sleep 1; ) | \
>         openssl s_client -connect www.yahoo.com:443

The command 'openssl s_client -connect www.yahoo.com:443' makes a TLS connection to the host 'www.yahoo.com' on port 443.  It will then sit there and read input from stdin to write to the remote host.

The parentheses create a subshell, allowing you to run multiple commands with their sequentially combined stdout being piped into the 'openssl'
command.

'printf ...;' prints the HTTP request on stdout with all required carriage returns and line-feed characters.

'sleep 1' is added to allow the 'openssl' command to read the input from stdin, send it to the remote site and receive the remote answer.
Without the 'sleep', the connection to the remote host would be closed immediately after reading the last line from stdin, without waiting for the remote side to respond.  (Alternatively, you can leave out the 'sleep 1' command and instead pass '-ign_eof -quiet' to 'openssl', but then that connection remains open until it times out on the server side; the 'sleep' allows the connection to be severed by the client.)

> 
> when I try to execute 'tcpdump tcp -w http.pcap port 80' on both 
> server and client and then execute the above command in the client and 
> finally try to read the file, nothing is captured in the file.

You are telling tcpdump to capture all packets that are sent to or originate from port 80 on any host.  The 'openssl' command connects to port 443 on the remote host, so the packets sent there are not captured by your tcpdump command, as they do not match the requirement ("anything going to or from port 80").

-Jan
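An added example (mine, not from Jan's reply or the course material): the quoted pipeline split into shell functions so that each part can be checked on its own, i.e. the request bytes that printf produces, the subshell-plus-sleep feeding openssl s_client, and a tcpdump filter that actually matches the port the client talks to. The -servername option (SNI) and the 'host ... and tcp port 443' capture filter are my additions, not something the thread states; www.yahoo.com is just the hostname used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: the quoted pipeline broken into pieces
# so each part (request bytes, subshell + sleep, TLS client, capture filter)
# can be checked separately. The -servername flag and the capture filter are
# my assumptions; www.yahoo.com is only the hostname used in the thread.

# Build the same HTTP/1.1 request the quoted printf produces. HTTP/1.1 needs
# CRLF ("\r\n") after every header line and an empty line to end the headers.
http_get_request() {
    printf 'GET / HTTP/1.1\r\nHost: %s\r\n\r\n' "$1"
}

# Count the carriage returns in the request for a host. A request written
# with plain "\n" (for example via echo) would give 0 here, and many servers
# reject or stall on such a request.
count_cr() {
    http_get_request "$1" | tr -cd '\r' | wc -c | tr -d ' '
}

# Size of the request in bytes for a host (sanity check on the bytes sent).
request_bytes() {
    http_get_request "$1" | wc -c | tr -d ' '
}

# The actual exchange: the subshell's combined stdout (the request, then a
# one-second pause) is piped into openssl s_client. The 'sleep 1' keeps stdin
# open long enough for the server to answer; when the subshell exits, stdin
# hits EOF and the client closes the TLS connection itself. Needs network,
# so it is only run when asked for below.
tls_get() {
    host="$1"
    ( http_get_request "$host"; sleep 1 ) | \
        openssl s_client -connect "$host:443" -servername "$host"
}

# Capture filter that matches this traffic: the client connects to port 443,
# so a 'port 80' filter (as in the question) sees none of these packets.
# Printed rather than executed because tcpdump needs root and an interface.
capture_command() {
    printf "tcpdump -i any -w https.pcap 'host %s and tcp port 443'\n" "$1"
}

# Usage: sh this_script.sh fetch [host]  -> performs the TLS request
#        sh this_script.sh show  [host]  -> dumps the request bytes and filter
case "${1:-}" in
    fetch) tls_get "${2:-www.yahoo.com}" ;;
    show)
        http_get_request "${2:-www.yahoo.com}" | od -c
        capture_command "${2:-www.yahoo.com}"
        ;;
esac
```

'sh this_script.sh show' prints the request through od -c so the \r \n pairs are visible, which is the quickest way to confirm the request really carries the line endings Jan mentions before suspecting the TLS side. Note that 'fetch' deliberately does not pass -quiet: -quiet implies -ign_eof, which is the alternative Jan describes where the server, not the client, ends the connection.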
_______________________________________________
cs615asa mailing list
cs615asa at lists.stevens.edu
https://lists.stevens.edu/mailman/listinfo/cs615asa

