Which view shows the TLS handshake and, if decrypted, the HTTP payload?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which view shows the TLS handshake and, if decrypted, the HTTP payload?

Explanation:
Wireshark’s Follow TLS Stream view collects all packets from one TLS session, so you can see the entire handshake sequence (ClientHello, ServerHello, certificate exchange, and so on) in one place. If you provide TLS keys to enable decryption, that same view will also reveal the HTTP payload inside the TLS records, showing the actual HTTP requests and responses. Without decryption, the HTTP content remains encrypted, so you only see the TLS handshake and the encrypted application data. The HTTP dialogue itself is typically reconstructed by the Follow HTTP Stream view, which only becomes meaningful after decryption or when the traffic is not TLS-encrypted. The other options don’t fit because they describe different flows or nonsensical actions.

Wireshark’s Follow TLS Stream view collects all packets from one TLS session, so you can see the entire handshake sequence (ClientHello, ServerHello, certificate exchange, and so on) in one place. If you provide TLS keys to enable decryption, that same view will also reveal the HTTP payload inside the TLS records, showing the actual HTTP requests and responses. Without decryption, the HTTP content remains encrypted, so you only see the TLS handshake and the encrypted application data. The HTTP dialogue itself is typically reconstructed by the Follow HTTP Stream view, which only becomes meaningful after decryption or when the traffic is not TLS-encrypted. The other options don’t fit because they describe different flows or nonsensical actions.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy