Mission Impossible: Analyze Over 300 TLS Sessions in One Hour

View a recorded session with  Inside Products and our partner Software Diversified Services (SDS) demonstrate how to accomplished this “Impossible Mission”.  (Date of webcast: September 13, 2017)

 

Our task:  

Analyze a packet trace with thousands of packets containing TLS sessions.   Find out which sessions have failures and where. Find out which sessions have performance problems and why.   And, we have one hour to do it.

We chose to accept the challenge.

How did we do it?

We used our SSL Problem Finder product.

It analyzed the packet trace in 5 minutes.  Then, we started looking at the results.

What did we find?

Click HERE for the report.

There were 385 handshakes.  342 were good and 43 handshakes were bad.   Some handshakes took over 2 seconds with at least one as bad as 8 seconds.

Some of the failing handshakes had a bad server certificate.

There were also some potential application performance problems because of how the application data was sent for encryption. (We can tell you of a case where one byte at a time was sent to be encrypted with 20 bytes of overhead per byte (95% overhead!).

What else?

We used the rest of the time to see the proportion of data traffic to the handshake and to analyze the handshake timing.  Click HERE and HERE.

We can also see that the Tor browser was used for this session because of the Server Name in the TLS handshake.  Click HERE to see the fingerprint of such sessions.

Our hour was well-spent.  We had time to spare.

Do you want to do this?

First, you will need our expert system products for network diagnostics.  You may see them HERE.

Then, you will need to get training on how TLS actually works.  You would not expect to use an X-ray machine without training. This is how our products are also.  Once you are trained and have the right products, what may have seemed to be an impossible mission, is now quite possible.   We offer training for TLS.  Just ask us.

Please contact us at: problemfinders@insidethestack.com or (831) 659-8360.