At which layer does Wireshark capture packets in terms of OSI network model?



One Answer:


Well, captures are done from the wire, but the lowest OSI layer you get in a frame is layer 2. In most cases that means Ethernet these days. It does not capture things like autonegitiation or preambles etc, just the frames.

Thanks Jasper! So, does that mean either wireshark captures packets only at layer 2 or it captures from layer 2 till layer 7?

It captures layer 2 and above...

The "and above" part is a result of L3-L7 being encapsulated within the L2 frame.

