This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm a newbie to wireshark, being a networking student at a nearby technical college. What protocols are examined in layers 4 to 2?

asked 20 Feb '14, 08:17

BreakingBad's gravatar image

BreakingBad
11223
accept rate: 0%


You need to work a bit on your Google Fu. A quick search found lots of hits comparing tcpip and OSI, e.g. http://electronicdesign.com/what-s-difference-between/what-s-difference-between-osi-seven-layer-network-model-and-tcpip

permanent link

answered 20 Feb '14, 08:25

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

What I meant to say is: does wireshark look at all protocols, from layers 2-4?

(20 Feb '14, 10:05) BreakingBad

Wireshark will, if a protocol dissector is available for the protocol, examine and dissect every protocol in every captured packet.

If there isn't a dissector available, then Wireshark will display the data at that level as "Data" and no further dissection of that data will be done.

So yes, Wireshark will show data over the OSI stack from layers 2-7 for all data link types that Wireshark understands.

(20 Feb '14, 12:40) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×20

question asked: 20 Feb '14, 08:17

question was seen: 5,977 times

last updated: 20 Feb '14, 12:40

p​o​w​e​r​e​d by O​S​Q​A