nerdexam
F5

101 · Question #583

Without decrypting, what portion of an HTTPS session is visible with a packet capture?

The correct answer is A. Source IP Address. TLS encrypts the HTTP application layer payload, but the IP and TCP headers remain in plaintext and are visible in a packet capture without decryption.

Section 4: Security Basics

Question

Without decrypting, what portion of an HTTPS session is visible with a packet capture?

Options

  • ASource IP Address
  • BHTTP Request Headers
  • CCookies
  • DHTTP Response Headers

How the community answered

(35 responses)
  • A
    86% (30)
  • B
    3% (1)
  • C
    9% (3)
  • D
    3% (1)

Why each option

TLS encrypts the HTTP application layer payload, but the IP and TCP headers remain in plaintext and are visible in a packet capture without decryption.

ASource IP AddressCorrect

The source IP address resides in the IP header, which is outside the TLS encryption envelope. TLS only encrypts the application-layer payload (HTTP request/response headers, body, cookies), so network-layer addressing information like source and destination IP addresses are always visible in a packet capture.

BHTTP Request Headers

HTTP request headers are part of the application-layer payload and are fully encrypted inside the TLS record, making them unreadable without the session keys.

CCookies

Cookies are transmitted within HTTP headers or the request body, both of which are encrypted by TLS and not visible in a packet capture without decryption.

DHTTP Response Headers

HTTP response headers are part of the TLS-encrypted payload and cannot be read from a packet capture without decrypting the TLS session.

Concept tested: TLS encryption scope and visible packet fields

Source: https://www.rfc-editor.org/rfc/rfc8446

Topics

#HTTPS#SSL/TLS encryption#packet capture#visible traffic

Community Discussion

No community discussion yet for this question.

Full 101 Practice