19 thoughts on “Which application protocol is in this PCAP file?”
Guys: Listed as TCP, and listed BEFORE the Application layer is employed.
RFC 6101 The SSL Protocol Version 3.0 August 2011
1. Introduction
The primary goal of the SSL protocol is to provide privacy and
reliability between two communicating applications. The protocol is
composed of two layers. At the lowest level, layered on top of some
reliable transport protocol (e.g., TCP [RFC0793]), is the SSL record
protocol. The SSL record protocol is used for encapsulation of
various higher level protocols. One such encapsulated protocol, the
SSL handshake protocol, allows the server and client to authenticate
each other and to negotiate an encryption algorithm and cryptographic
keys before the application protocol transmits or receives its first
byte of data. One advantage of SSL is that it is application
protocol independent. A higher level protocol can layer on top of
the SSL protocol transparently. The SSL protocol provides connection
security that has three basic properties:
D. SSL is the correct answer. Recall the drag and drop that had the TLSv1.2 as Application Protocol….Encryption of HTTP is either SSL/TLS so I’ll go for SSL.
i think the correct answer is HTTP
HTTP default port is 80, but in this example operate over 443
If you check the ascii screen at the bottom in the packet capture, “clear text”
no encryption
In Wireshark, if the protocol is TLS, then that is shown in the Protocol field (eg. TLSv1.2 – have a look at Question 3). We are seeing TCP in the Protocol field. The port (443) doesn’t matter if the information is not encrypted to that port. The traffic appears to be http traffic going to port 443 in the clear.
I would be inclined to answer http (C) for this question.
The answer D. You all are overthinking this one. Learn your ports, 443=HTTPS. HTTP is the application protocol yes, but combined with SSL gives you HTTP over SSL. Therefore it still is an application protocol that gets encrypted at the session layer of the OSI but keep in mind the DoD model combines the Application, Presentation and Session layer together in a single Application layer.
Answer: D
If we are looking at the OSI model then SSL/TLS would sit at the presentation layer as it provides encryption services, but SSL/TLS also establishes an encrypted communication session therefore SSL/TLS is also seen as part of session layer (layer 5 of the OSI model). It will also guarantee the authenticity of a Server by properly authenticating the required authentication challenges. Authentication works at Layer 7.
If we are referring to the TCP/IP model, then it is entirely acceptable that SSL is seen as an application layer protocol as layers 5,6 & 7 of the OSI are mapped to the Application layer in TCP/IP model.
TCP is not an application layer protocol – it is seen as the Transport layer protocol in both models.
This question has been niggling at me for a while and I now think the answer is C
research quite a few articles and now see that SSL/TLS operates just under the application layer. The HTTP server software can act as if it’s sending unencrypted traffic. The only change is that it writes to a library that does all the encryption.
read this article for a great explanation: http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
If you check the asci screen at the bottom in the packet capture, the traffic is going to linuxmint.com, if you type it into your browser with just the domain name it automatically redirects you to the https://www.linuxmint.com site.
i would concur that this is a mistake unless i am ready this wrong
DST port in the Wireshark GUI image shows: 443 (D), which is SSL/HTTPS.
HTTP = 80
SSH = 22
TCP is the network protocol standard for establishing a connection and sending data over the internet
Guys: Listed as TCP, and listed BEFORE the Application layer is employed.
RFC 6101 The SSL Protocol Version 3.0 August 2011
1. Introduction
The primary goal of the SSL protocol is to provide privacy and
reliability between two communicating applications. The protocol is
composed of two layers. At the lowest level, layered on top of some
reliable transport protocol (e.g., TCP [RFC0793]), is the SSL record
protocol. The SSL record protocol is used for encapsulation of
various higher level protocols. One such encapsulated protocol, the
SSL handshake protocol, allows the server and client to authenticate
each other and to negotiate an encryption algorithm and cryptographic
keys before the application protocol transmits or receives its first
byte of data. One advantage of SSL is that it is application
protocol independent. A higher level protocol can layer on top of
the SSL protocol transparently. The SSL protocol provides connection
security that has three basic properties:
Examples of application layer protocols that make use of TCP reliability include HTTP, SSL/TLS, FTP, DNS zone transfers, and others
FROM Cisco NET ACAd.
7.2.2.1
and … if you think over TCP/IP model is indisputably a application protocol.
Any new update to this question? I got hit by it a couple weeks ago. I see SSL which was also called out by Keith Barker in a CBT video.
D. SSL is the correct answer. Recall the drag and drop that had the TLSv1.2 as Application Protocol….Encryption of HTTP is either SSL/TLS so I’ll go for SSL.
Answer is HTTP because http is application prtotocol but SSL not
i think the correct answer is HTTP
HTTP default port is 80, but in this example operate over 443
If you check the ascii screen at the bottom in the packet capture, “clear text”
no encryption
HTTP
In Wireshark, if the protocol is TLS, then that is shown in the Protocol field (eg. TLSv1.2 – have a look at Question 3). We are seeing TCP in the Protocol field. The port (443) doesn’t matter if the information is not encrypted to that port. The traffic appears to be http traffic going to port 443 in the clear.
I would be inclined to answer http (C) for this question.
SSL is a security standard not application protocol…so I go for C
D. SSL – Some people here need to learn their Network Basics. 443 is HTTP over SSL. No doubt, no mistake in the question, no fuss @
The answer D. You all are overthinking this one. Learn your ports, 443=HTTPS. HTTP is the application protocol yes, but combined with SSL gives you HTTP over SSL. Therefore it still is an application protocol that gets encrypted at the session layer of the OSI but keep in mind the DoD model combines the Application, Presentation and Session layer together in a single Application layer.
The answer is D
Answer: D
If we are looking at the OSI model then SSL/TLS would sit at the presentation layer as it provides encryption services, but SSL/TLS also establishes an encrypted communication session therefore SSL/TLS is also seen as part of session layer (layer 5 of the OSI model). It will also guarantee the authenticity of a Server by properly authenticating the required authentication challenges. Authentication works at Layer 7.
If we are referring to the TCP/IP model, then it is entirely acceptable that SSL is seen as an application layer protocol as layers 5,6 & 7 of the OSI are mapped to the Application layer in TCP/IP model.
TCP is not an application layer protocol – it is seen as the Transport layer protocol in both models.
This question has been niggling at me for a while and I now think the answer is C
research quite a few articles and now see that SSL/TLS operates just under the application layer. The HTTP server software can act as if it’s sending unencrypted traffic. The only change is that it writes to a library that does all the encryption.
read this article for a great explanation:
http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
If you check the asci screen at the bottom in the packet capture, the traffic is going to linuxmint.com, if you type it into your browser with just the domain name it automatically redirects you to the https://www.linuxmint.com site.
i would concur that this is a mistake unless i am ready this wrong
Think is D, because the port 443 (HTTPS or SSL)
DST port in the Wireshark GUI image shows: 443 (D), which is SSL/HTTPS.
HTTP = 80
SSH = 22
TCP is the network protocol standard for establishing a connection and sending data over the internet
SSL is cryptography….
— POP SSL – p. 995
— IMAP SSL – p 993
I Think is “A” to
TCP is not an application. D. SSL is the correct answer.
but “Applications protocol” are Telnet, Ftp, SMTP, DNS, HTTP…….
¿? ¿Mistake in the Question?