I am using version 1.10.7 of Wireshark. I have seen a few tutorials that describe the various contents of a "handshake" packet. I have only found tutorials for older versions, so when it describes the details of the packet under Handshake Protocol: and I get to the part where it says Cipher Suite: etc... I don't see the cipher suite used. Instead I see a list of 20 cipher suites. I can't see which one of the suites was actually used. Little help? asked 28 Apr '14, 18:20  plasmasnakeneo edited 28 Apr '14, 20:53 |
One Answer:
I guess you're talking about a SSL/TLS handshake. The list of cyphers is sent from one node to the other, which then picks the cypher it likes best, sending back the index of the chosen cypher in its next packet. You should be able to find it by looking for that packet following the cypher list. answered 28 Apr '14, 18:51  Jasper ♦♦ |
Yes, thank you. I thought I should have seen what cipher suite it used within the handshake packet but that was not the case. I updated the title of the thread so that it reflects my initial problem better, since you seemed unclear about what I was looking for, that way others can find it easier as well.