


Network Access Layer
- Displays source and destination MAC addresses in network traffic analysis tools like Wireshark.
- Popular Link Layer Protocols:
  - 802.3: Ethernet
  - 802.11: Wireless (Wi-Fi)
  - 802.15.1: Bluetooth
- Ethernet Header:
  - Source MAC Address: The MAC address of the sending device.
  - Destination MAC Address: The MAC address of the receiving device.
  - EtherType: Indicates the type of payload (e.g., IPv4, ARP).
    - Example: 0x0800 for IPv4, 0x0806 for ARP.
- Protocols at the Link Layer:
  - ARP: Used to resolve IP-to-MAC mappings.
  - STP (Spanning Tree Protocol): Manages loops in Ethernet networks.
- VLAN Tags: Displays VLAN ID if present in the frame.
- Ethernet Specifics:
  - Ethernet headers are 14 bytes long.
  - Ethernet frames must have a minimum length of 64 bytes (data + header + trailer). If shorter, padding is added.
  - Maximum Ethernet frame length: 1518 bytes.
  - Includes a 4-byte CRC trailer for corruption detection.
- MAC Addresses:
  - Unique 48-bit identifiers assigned by NIC manufacturers.
  - Used for device identification at the link layer.
Internet Layer
- Purpose in Wireshark: Displays information about IP packets.
- Key Fields in Wireshark:
  - Source IP: The sender's IP address.
  - Destination IP: The receiver's IP address.
  - Protocol: Indicates the transport protocol used (e.g., TCP, UDP, ICMP).
  - Time to Live (TTL): Limits the lifespan of a packet in the network to prevent infinite looping.
  - Fragmentation Details: If a packet is fragmented, Wireshark shows related flags and offsets.
Transport Layer
- Purpose in Wireshark: Displays details about protocols such as TCP, UDP, or ICMP.
- Key Information in Wireshark:
  - Source Port: The port used by the sender application.
  - Destination Port: The port targeted by the receiving application.
  - Sequence and Acknowledgment Numbers (TCP):
    - Used for reliability and reassembly of data.
  - Flags (TCP):
    - SYN, ACK, FIN, etc., indicate the state of the connection.
  - Checksum: Validates the integrity of the transport layer packet.
  - Payload Size: Amount of data carried in the packet.
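
The fields listed for all three layers can be pulled out of a raw frame by hand, which is a useful cross-check when reading a capture. The following is an added example, not part of the original notes: `dissect` and `SAMPLE` are hypothetical names, the sample frame is constructed, and the code assumes Ethernet II framing, IPv4, and a capture that does not include the 4-byte CRC trailer.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def dissect(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP from a frame captured without the CRC trailer."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet header")
    out = {"dst_mac": mac(frame[0:6]), "src_mac": mac(frame[6:12])}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == 0x8100:  # 802.1Q tag: 2 bytes of TCI, then the real EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        out["vlan_id"] = tci & 0x0FFF  # low 12 bits of the TCI
        off = 18
    out["ethertype"] = ETHERTYPES.get(ethertype, hex(ethertype))
    if ethertype != 0x0800:
        return out
    ver_ihl, _, total_len, _, frag, ttl, proto = struct.unpack("!BBHHHBB", frame[off:off + 10])
    ihl = (ver_ihl & 0x0F) * 4  # IPv4 header length in bytes
    out.update(src_ip=".".join(map(str, frame[off + 12:off + 16])),
               dst_ip=".".join(map(str, frame[off + 16:off + 20])),
               ttl=ttl, protocol=IP_PROTOS.get(proto, proto),
               more_fragments=bool(frag & 0x2000), frag_offset=(frag & 0x1FFF) * 8,
               padding=len(frame) - off - total_len)  # bytes after the IP packet
    l4 = off + ihl
    if proto in (6, 17) and out["frag_offset"] == 0:  # ports exist only in the first fragment
        out["src_port"], out["dst_port"] = struct.unpack("!HH", frame[l4:l4 + 4])
    if proto == 6 and out["frag_offset"] == 0:
        seq, ack, off_flags = struct.unpack("!IIH", frame[l4 + 4:l4 + 14])
        out.update(seq=seq, ack=ack,
                   flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
                   payload_size=total_len - ihl - (off_flags >> 12) * 4)
    return out

# Constructed sample: a TCP SYN from 192.168.1.10:49152 to 192.168.1.1:80
SAMPLE = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"                    # dst MAC, src MAC, EtherType
    "450000280001400040060000" "c0a8010a" "c0a80101"        # IPv4 header (checksum left as 0)
    "c0000050" "00000001" "00000000" "5002ffff" "00000000"  # TCP header, SYN set
) + bytes(6)  # Ethernet padding up to 60 bytes (64 once the CRC is added)

if __name__ == "__main__":
    print(dissect(SAMPLE))
```

The `padding` value shows the minimum-length rule in practice: the IP packet is 40 bytes, so 6 zero bytes follow it to reach the 64-byte minimum once the CRC is counted.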