nerdexam
Cisco

210-255 · Question #22

Refer to the exhibit. Which application protocol is in this PCAP file?

The correct answer is D. SSL. The PCAP file contains SSL traffic, identifiable by the characteristic TLS/SSL handshake messages visible in the packet capture.

Network Intrusion Analysis

Question

Refer to the exhibit. Which application protocol is in this PCAP file?

Exhibit

210-255 question #22 exhibit

Options

  • ATCP
  • BSSH
  • CHTTP
  • DSSL

How the community answered

(33 responses)
  • A
    9% (3)
  • B
    3% (1)
  • C
    3% (1)
  • D
    85% (28)

Why each option

The PCAP file contains SSL traffic, identifiable by the characteristic TLS/SSL handshake messages visible in the packet capture.

ATCP

TCP is a transport layer protocol, not an application protocol - it is the underlying carrier of the SSL session, not the application-level protocol being analyzed.

BSSH

SSH is a separate application protocol used for secure remote shell access over port 22 and has a fundamentally different packet structure than SSL/TLS.

CHTTP

HTTP is an unencrypted application protocol operating on port 80 and lacks the handshake and encrypted record structure visible in this PCAP.

DSSLCorrect

SSL/TLS traffic is identifiable in packet captures by its distinctive handshake sequence, including Client Hello and Server Hello messages, and typically appears on port 443. The application protocol shown is SSL because the packet data reveals encrypted session negotiation fields specific to the TLS record layer. Recognizing SSL in a PCAP requires identifying the content type, version, and handshake type fields within the TLS record header.

Concept tested: Identifying SSL/TLS application traffic in packet captures

Source: https://wiki.wireshark.org/TLS

Topics

#PCAP analysis#SSL#protocol identification#Wireshark

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice