This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

At which layer does Wireshark capture packets in terms of OSI network model?

0

Hi,

Could someone please tell me at which layer does wireshark capture packets interms of OSI network model?

asked 22 Sep '14, 19:07

iamvicky's gravatar image

iamvicky
11112
accept rate: 0%

edited 23 Sep '14, 11:20

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118


One Answer:

0

Well, captures are done from the wire, but the lowest OSI layer you get in a frame is layer 2. In most cases that means Ethernet these days. It does not capture things like autonegitiation or preambles etc, just the frames.

answered 22 Sep '14, 20:11

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Thanks Jasper! So, does that mean either wireshark captures packets only at layer 2 or it captures from layer 2 till layer 7?

(23 Sep '14, 03:56) iamvicky

It captures layer 2 and above...

The "and above" part is a result of L3-L7 being encapsulated within the L2 frame.

(25 Sep '14, 06:09) smp