Which item cannot be observed in TLS encrypted traffic?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions, each question includes hints and explanations. Ace your exam!

Multiple Choice

Which item cannot be observed in TLS encrypted traffic?

Explanation:
TLS encryption hides the actual content being transmitted, but some metadata remains visible. The payload data—the actual application content—is encrypted, so you cannot read it from a capture. In contrast, IP addresses appear in the network headers, so you can see who’s talking to whom. The size of each TLS record or packet is also observable from the captured frames. The Server Name Indication (SNI) is typically sent in the clear during the TLS handshake, so you can see which server name is being requested (unless a privacy feature is deployed). Because the payload data is protected by TLS, it cannot be observed.

TLS encryption hides the actual content being transmitted, but some metadata remains visible. The payload data—the actual application content—is encrypted, so you cannot read it from a capture. In contrast, IP addresses appear in the network headers, so you can see who’s talking to whom. The size of each TLS record or packet is also observable from the captured frames. The Server Name Indication (SNI) is typically sent in the clear during the TLS handshake, so you can see which server name is being requested (unless a privacy feature is deployed). Because the payload data is protected by TLS, it cannot be observed.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy