This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What OSI layer protocols are examined, layer 4, 3 and 2 or all three?

0

I'm a newbie to Wireshark, being a networking student at a nearby technical college. What protocols are examined in layers 4 to 2?

asked 20 Feb '14, 08:17

BreakingBad


One Answer:

2

You need to work a bit on your Google Fu. A quick search found lots of hits comparing TCP/IP and OSI, e.g. http://electronicdesign.com/what-s-difference-between/what-s-difference-between-osi-seven-layer-network-model-and-tcpip

answered 20 Feb '14, 08:25

grahamb ♦

What I meant to say is: does Wireshark look at all protocols, from layers 2-4?

(20 Feb '14, 10:05) BreakingBad

Wireshark will, if a protocol dissector is available for the protocol, examine and dissect every protocol in every captured packet.

If there isn't a dissector available, then Wireshark will display the data at that level as "Data" and no further dissection of that data will be done.

So yes, Wireshark will show data over the OSI stack from layers 2-7 for all data link types that Wireshark understands.

(20 Feb '14, 12:40) grahamb ♦
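
The behaviour described in the last comment, as an added example that is not part of the original thread and is not Wireshark's code: a toy dissector chain in Python where each layer hands its payload to the next dissector found in a lookup table, and anything without a registered dissector is reported as "Data". The function names, the `TABLES` layout and the sample frames are assumptions constructed for this sketch.

```python
import struct

def dissect_eth(buf):
    if len(buf) < 14:
        return None  # truncated header: leave the bytes undissected
    return "Ethernet", ("ethertype", struct.unpack("!H", buf[12:14])[0]), buf[14:]

def dissect_ipv4(buf):
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4                 # header length in bytes
    total = struct.unpack("!H", buf[2:4])[0]  # total length trims link-layer padding
    if ihl < 20 or len(buf) < ihl:
        return None
    return "IPv4", ("ip.proto", buf[9]), buf[ihl:total]

def dissect_udp(buf):
    if len(buf) < 8:
        return None
    return "UDP", ("udp.port", struct.unpack("!H", buf[2:4])[0]), buf[8:]

# (table, value) -> next dissector. No UDP port is registered on purpose.
TABLES = {("ethertype", 0x0800): dissect_ipv4, ("ip.proto", 17): dissect_udp}

def dissect(frame):
    """Return the layer names in order; undissected bytes end the chain as Data."""
    layers, dissector, buf = [], dissect_eth, frame
    while buf:
        result = dissector(buf) if dissector else None
        if result is None:
            layers.append(f"Data ({len(buf)} bytes)")
            break
        name, key, buf = result
        layers.append(name)
        dissector = TABLES.get(key)  # None when nothing is registered
    return layers

# Constructed sample frames (not captured traffic).
def eth(ethertype, payload):
    return bytes.fromhex("ffffffffffff020000000001") + struct.pack("!H", ethertype) + payload

def ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

UDP_FRAME = eth(0x0800, ipv4(17, struct.pack("!HHHH", 1234, 9999, 13, 0) + b"hello"))
UNKNOWN_IP_PROTO = eth(0x0800, ipv4(253, bytes(12)))
UNKNOWN_ETHERTYPE = eth(0x88B5, b"\x01\x02\x03")

if __name__ == "__main__":
    for frame in (UDP_FRAME, UNKNOWN_IP_PROTO, UNKNOWN_ETHERTYPE):
        print(" / ".join(dissect(frame)))
```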