OSI Network Layer Analysis via Wireshark

29/12/2020
Chưa phân loại

OSI model and TCP/IP model:

We all know that OSI (Open Systems Interconnection) is a reference model for how applications communicate over a network.

Here are the 7 layers according to OSI model:

Application Layer     [Layer 7]
Presentation Layer    [Layer 6]
Session Layer           [Layer 5]
Transport Layer        [Layer 4]
Network Layer          [Layer 3]
Data Link Layer        [Layer 2]
Physical Layer          [Layer 1]

There is another network model which is TCP/IP.

Here are the 4 layers according to TCP/IP model:

Application Layer                [Layer 4]
Transport Layer                   [Layer 3]
Internet Layer                      [Layer 2]
Network Access Layer        [Layer 1]

Relation OSI and TCP/IP model:

Below is the relation between OSI model and TCP/IP model.

OSI Model TCP/IP Model

 

Application Layer Application Layer
Presentation Layer
Session Layer
Transport Layer Transport Layer
Network Layer Internet Layer
Data Link Layer Network access Layer
Physical Layer

Now the question comes, in Wireshark what model we should be expecting?

Actually in Wireshark we observe below layers

Application Layer     [Layer 5]
Transport Layer        [Layer 4]
Network Layer          [Layer 3]
Data Link Layer        [Layer 2]
Physical Layer          [Layer 1]

Now we understand that the above layers are not exactly OSI or TCP/IP but a combination of both models.

Let’s look into Wireshark capture and understand better.

What we see in Wireshark?

We will take some protocols as example and understand the layers through Wireshark. The interesting part is all protocol does not have all the layers.

Note:

As Wireshark decodes packets at Data Link layer so we will not get physical layer information always. In some cases, capturing adapter provides some physical layer information and can be displayed through Wireshark.

So here are the sequence layers seen in Wireshark

Data Link Layer
Network Layer
Transport Layer
Application Layer

Hope you understand that Wireshark is just showing in reverse order. If physical layer information is given to Wireshark then that time we should see physical layer information on top of Data link. See below picture.

Physical Layer
Data Link Layer
Network Layer
Transport Layer
Application Layer

HTTP [It has 4 layers]:

You can follow below link to understand HTTP through Wireshark

https://linuxhint.com/http_wireshark/

Here is the screenshot of a HTTP packet where we can see 4 layers.

We know HTTP is an application layer so we see application layer also.

Now let’s see a transport layer protocol in Wireshark.

TCP [It has 3 layers]:

Here is the screenshot of a TCP packet where we can see 3 layers.

Let’s see ICMP packet.

ICMP [It has 2 layers]:

Here is the screenshot of an ICMP frame where we can see 2 layers.

 

Now let’s see one wireless TCP frame where we can see physical layer information.

Wireless TCP [It has 4 layers]:

Here is the screenshot of a TCP frame where we can see 4 layers including physical layer.

As TCP is a transport layer protocol so we did not see any application layer protocol.

Now let’s see Wireless capture for HTTP and hope to see all 5 layers including Application layer and physical layer.

Wireless HTTp [It has all 5 layers]:

Here is the screenshot of a HTTP frame where we can see including Application layer and physical layer.

Summary:

In summary we can say that depending on protocol different layers can been seen in Wireshark.

Reference:

If you want to know job of each layer, follow below link

https://en.wikipedia.org/wiki/OSI_model

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

Python Web Scraping Tutorial

The web is a major source of data, and with the web developing on a daily basis, one can only expect the increase of data...
28/12/2020

Posix Standard

POSIX: An Overview The Portable Operating System Interface (POSIX) is an IEEE standard that helps compatibility and portability...
Chưa phân loại, vps giá rẻ
28/12/2020

Bash Tac Command

Tac is one of those commands that you don’t realize until you have already gone and done it, reinvented the wheel, which...
Chưa phân loại, vps giá rẻ
29/12/2020