Which TLS field would you inspect to see the chosen cipher suite?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which TLS field would you inspect to see the chosen cipher suite?

Explanation:
The negotiated cipher suite is determined during the TLS handshake and is shown in the tls.cipher_suite field. During the ServerHello, the server selects one cipher suite from the client’s offered list and communicates that choice to the client; the dissection in Wireshark exposes that exact suite in tls.cipher_suite. This field tells you which algorithms will be used for key exchange, bulk encryption, and MAC for the session (for example, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256). Other fields serve different purposes: tls.server_name shows the SNI hostname, tls.version indicates the protocol version, and tls.session_id is used for session resumption. They don’t reveal which cipher suite was chosen.

The negotiated cipher suite is determined during the TLS handshake and is shown in the tls.cipher_suite field. During the ServerHello, the server selects one cipher suite from the client’s offered list and communicates that choice to the client; the dissection in Wireshark exposes that exact suite in tls.cipher_suite. This field tells you which algorithms will be used for key exchange, bulk encryption, and MAC for the session (for example, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256). Other fields serve different purposes: tls.server_name shows the SNI hostname, tls.version indicates the protocol version, and tls.session_id is used for session resumption. They don’t reveal which cipher suite was chosen.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy