Which field would you filter on to show TLS version 1.2 traffic?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which field would you filter on to show TLS version 1.2 traffic?

Explanation:
TLS versions are encoded as two-byte values. For TLS 1.2 that value is 0x0303, and Wireshark’s filter tls.version uses that numeric code to select traffic. Filtering with 0x0303 will show only TLS 1.2 traffic. Filtering with 0x0304 would pull TLS 1.3 traffic, while 0x0300 corresponds to SSL 3.0 and isn’t the 1.2 version. A plain 1.2 isn’t a valid hex-encoded filter, so you use the hex code 0x0303 to match TLS 1.2.

