Which display filter shows TLS certificate handshake messages?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which display filter shows TLS certificate handshake messages?

Explanation:
TLS handshake messages carry a numeric type field, and the Certificate message is type 11. Filtering with tls.handshake.type == 11 shows exactly those handshake messages that carry certificate data, including the server’s certificate chain during the handshake. The other filters don’t target the certificate content: one looks at alert messages, another at the protocol version used in the handshake, and the last checks whether a session ID is present, which isn’t about the certificate messages themselves.

TLS handshake messages carry a numeric type field, and the Certificate message is type 11. Filtering with tls.handshake.type == 11 shows exactly those handshake messages that carry certificate data, including the server’s certificate chain during the handshake. The other filters don’t target the certificate content: one looks at alert messages, another at the protocol version used in the handshake, and the last checks whether a session ID is present, which isn’t about the certificate messages themselves.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy