Which of the following can you see in TLS encrypted traffic?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions, each question includes hints and explanations. Ace your exam!

Multiple Choice

Which of the following can you see in TLS encrypted traffic?

Explanation:

In TLS, the payload you send and receive is encrypted, but some surrounding information stays visible. You can observe the IP addresses involved in the connection (source and destination) and the sizes of the TLS records that are sent, even though you can’t read the actual application data inside those records. The server name requested by the client is typically carried in the SNI field of the ClientHello and is sent in the clear, so observers can often see which domain is being contacted. Packet or record sizes give you an idea of how much data is being exchanged without revealing the content.

The actual application data isn’t readable, and user credentials in the application layer aren’t exposed in the encrypted stream. Certificates are exchanged as part of the handshake, but that exchange isn’t the encrypted application data, so it’s not what’s meant by “TLS encrypted traffic” in this context. Therefore, the elements that are visible are the IPs, the domain via SNI, and the TLS record sizes, matching the best answer.
