
At which layer does Wireshark capture packets in terms of OSI network model?



Could someone please tell me at which layer does Wireshark capture packets in terms of OSI network model?

asked 22 Sep '14, 19:07

iamvicky


edited 23 Sep '14, 11:20


Jim Aragon

One Answer:


Well, captures are done from the wire, but the lowest OSI layer you get in a frame is layer 2. In most cases that means Ethernet these days. It does not capture things like autonegotiation or preambles etc., just the frames.

answered 22 Sep '14, 20:11


Jasper ♦♦

Thanks Jasper! So, does that mean either Wireshark captures packets only at layer 2 or it captures from layer 2 till layer 7?

(23 Sep '14, 03:56) iamvicky

It captures layer 2 and above...

The "and above" part is a result of L3-L7 being encapsulated within the L2 frame.

(25 Sep '14, 06:09) smp
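
The encapsulation described in this thread, as an added example that is not part of the original posts: a constructed Ethernet II frame is peeled one header at a time, showing that the higher layers are simply the payload of the layer 2 frame. The addresses, ports and the `build_sample_frame` / `dissect` names are made up for illustration.

```python
import struct

def build_sample_frame(ethertype: int = 0x0800) -> bytes:
    """Constructed Ethernet II / IPv4 / TCP frame (checksums left at zero)."""
    payload = b"GET / HTTP/1.1\r\n\r\n"
    # A captured frame begins at the destination MAC; no preamble precedes it.
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ethertype)
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + tcp + payload

def dissect(frame: bytes) -> list:
    """Return [(layer, summary), ...], peeling one header off at a time."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = [("L2 Ethernet", f"{src.hex(':')} -> {dst.hex(':')} type=0x{ethertype:04x}")]
    ip = frame[14:]                      # everything else is the L2 payload
    if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return layers                    # not IPv4: stop at layer 2
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    addr = lambda b: ".".join(map(str, b))
    layers.append(("L3 IPv4", f"{addr(ip[12:16])} -> {addr(ip[16:20])} proto={proto}"))
    tcp = ip[ihl:total_len]              # total_len drops any Ethernet padding
    if proto != 6 or len(tcp) < 20:
        return layers                    # not TCP: stop at layer 3
    sport, dport = struct.unpack("!HH", tcp[:4])
    layers.append(("L4 TCP", f"{sport} -> {dport}"))
    data = tcp[(tcp[12] >> 4) * 4:]      # skip the TCP header via its data offset
    if data:
        first_line = data.split(b"\r\n")[0].decode("ascii", "replace")
        layers.append(("L7 payload", first_line))
    return layers

if __name__ == "__main__":
    for layer, summary in dissect(build_sample_frame()):
        print(f"{layer:12} {summary}")
```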