Showing posts from 2014

Analyzing TCP Dumps

Analyzing TCP dumps is a very common use case in production support, since it is a useful and handy way to figure out network-related issues. In this article I would like to walk you through that. Before you start following this, you need to have a thorough understanding of the TCP/IP protocol suite[1]. To quickly recap your TCP/IP knowledge, you may refer to this[2]. You also need to have the Wireshark packet sniffer tool installed on your system.

Scenario: Let’s invoke a simple currency converter web service with a sample SOAP request. Then we’ll capture the TCP dump and analyse it.

Before we start, let me give you a brief introduction to the TCP/IP suite. At the network layer, IP provides functions such as addressing, delivery, datagram packaging, fragmentation and reassembly. At the transport layer, TCP and UDP are concerned with encapsulating user data and managing connections between devices. Other protocols provide routing and management functionality. Higher-layer protocols u…

SSL Debugging in WSO2 ESB

Secure Sockets Layer (SSL) is the most widely used protocol for implementing cryptography on the Web. SSL provides a secure enhancement to the standard TCP/IP sockets protocol used for Internet communications. The secure sockets layer is added between the transport layer and the application layer in the standard TCP/IP protocol stack. SSL is used to transfer sensitive information over a network in a safe manner. [1]

We have encountered many situations where we need to check which SSL version(s) are being used/supported by our ESB. Recently I was involved in a production issue in which an older version of our ESB was vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack[2][3] since it could NOT be configured to support newer SSL versions. Due to that limitation, it was supporting the default SSLv3 and TLSv1 versions, of which the older SSLv3 protocol version is vulnerable to the POODLE attack. SSL is the precursor of the TLS protocol.

Communication using SSL begins with…