210-255 · Question #22
Refer to the exhibit. Which application protocol is in this PCAP file?
The correct answer is D. SSL. The PCAP file contains SSL traffic, identifiable by the characteristic TLS/SSL handshake messages visible in the packet capture.
Question
Refer to the exhibit. Which application protocol is in this PCAP file?
Exhibit
Options
- ATCP
- BSSH
- CHTTP
- DSSL
How the community answered
(33 responses)- A9% (3)
- B3% (1)
- C3% (1)
- D85% (28)
Why each option
The PCAP file contains SSL traffic, identifiable by the characteristic TLS/SSL handshake messages visible in the packet capture.
TCP is a transport layer protocol, not an application protocol - it is the underlying carrier of the SSL session, not the application-level protocol being analyzed.
SSH is a separate application protocol used for secure remote shell access over port 22 and has a fundamentally different packet structure than SSL/TLS.
HTTP is an unencrypted application protocol operating on port 80 and lacks the handshake and encrypted record structure visible in this PCAP.
SSL/TLS traffic is identifiable in packet captures by its distinctive handshake sequence, including Client Hello and Server Hello messages, and typically appears on port 443. The application protocol shown is SSL because the packet data reveals encrypted session negotiation fields specific to the TLS record layer. Recognizing SSL in a PCAP requires identifying the content type, version, and handshake type fields within the TLS record header.
Concept tested: Identifying SSL/TLS application traffic in packet captures
Source: https://wiki.wireshark.org/TLS
Topics
Community Discussion
No community discussion yet for this question.
