Wednesday, February 25, 2015

OAP/NAP Analysis using Wireshark - Part 2

How to identify the ciphersuite used in OAP/NAP for Simple & Cert Mode Communication?


  1. Capture the OAP/NAP messages as described in the previous blog post.
  2. Open the tcpdump capture file (/tmp/wg.cap) in Wireshark.
  3. Once the file is open in Wireshark, click Analyze->Decode As, then select SSL.
  4. Find the Client Hello packet in Wireshark, as shown in the screenshot. The Client Hello is part of the SSL handshake and lists the ciphersuites the client offers.
    [Screenshot: Client Hello]
  5. Find the Server Hello packet in Wireshark, as shown in the screenshot. The Server Hello is also part of the SSL handshake; its Cipher Suite field shows the ciphersuite the server selected for the connection.
    [Screenshot: Server Hello]
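
The same check can be done on raw record bytes exported from the capture. The following is an added example, not code from the original post: it parses one SSL/TLS handshake record and returns the ciphersuites offered (Client Hello) or selected (Server Hello). The sample records are constructed, the name table is a small illustrative subset, and the parser assumes the hello is the first message in an unfragmented record.

```python
# Illustrative subset of the IANA TLS cipher suite registry; extend as needed.
SUITE_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0034: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def suite_name(code):
    return SUITE_NAMES.get(code, "unknown (0x%04X)" % code)

def parse_hello(record):
    """Return (message kind, [cipher suite ids]) for one TLS handshake record."""
    if len(record) < 9 or record[0] != 0x16:       # 0x16 = handshake content type
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if rec_len < 4 or len(body) < rec_len:
        raise ValueError("truncated record")
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hs_len]
    if len(msg) < hs_len or len(msg) < 35:
        raise ValueError("truncated or fragmented hello")
    pos = 2 + 32                                   # skip version and random
    pos += 1 + msg[pos]                            # skip session id
    if hs_type == 1:                               # Client Hello: list of offers
        n = int.from_bytes(msg[pos:pos + 2], "big")
        raw = msg[pos + 2:pos + 2 + n]
        if n == 0 or n % 2 or len(raw) != n:
            raise ValueError("bad cipher suite list")
        return "ClientHello", [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]
    if hs_type == 2:                               # Server Hello: the one selected
        raw = msg[pos:pos + 2]
        if len(raw) != 2:
            raise ValueError("missing cipher suite")
        return "ServerHello", [int.from_bytes(raw, "big")]
    raise ValueError("not a hello message")

def _record(hs_type, body):                        # helper for the constructed samples
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed sample records (all-zero random, empty session id), not real OAP traffic.
SAMPLE_CLIENT_HELLO = _record(1, b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x04\x00\x34\x00\x2f" + b"\x01\x00")
SAMPLE_SERVER_HELLO = _record(2, b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00")

if __name__ == "__main__":
    for rec in (SAMPLE_CLIENT_HELLO, SAMPLE_SERVER_HELLO):
        kind, suites = parse_hello(rec)
        print(kind, [suite_name(s) for s in suites])
```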
