This is our old Q&A Site. Please post any new questions and answers at

I am using version 1.10.7 of Wireshark.

I have seen a few tutorials that describe the various contents of a "handshake" packet. I have only found tutorials for older versions, so when it describes the details of the packet under Handshake Protocol: and I get to the part where it says Cipher Suite: etc... I don't see the cipher suite used. Instead I see a list of 20 cipher suites. I can't see which one of the suites was actually used.

Little help?

asked 28 Apr '14, 18:20

plasmasnakeneo's gravatar image

accept rate: 0%

edited 28 Apr '14, 20:53

I guess you're talking about a SSL/TLS handshake. The list of cyphers is sent from one node to the other, which then picks the cypher it likes best, sending back the index of the chosen cypher in its next packet. You should be able to find it by looking for that packet following the cypher list.

permanent link

answered 28 Apr '14, 18:51

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

Yes, thank you. I thought I should have seen what cipher suite it used within the handshake packet but that was not the case. I updated the title of the thread so that it reflects my initial problem better, since you seemed unclear about what I was looking for, that way others can find it easier as well.

(28 Apr '14, 20:51) plasmasnakeneo
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 28 Apr '14, 18:20

question was seen: 8,510 times

last updated: 28 Apr '14, 20:53

p​o​w​e​r​e​d by O​S​Q​A