Is wireshark included application layer attachment.Basically I want to ask is it attaching the information above the network layer ? If it is so how to analyze it ? Ultimately How do we come to know that there are other headers are attacked with packet on wireshark ? asked 08 Sep '16, 07:18  avani badheka |
One Answer:
Yes there is. Above the network layer (eg. IP) there are transport layer protocols which are dissected (eg. TCP, UDP, etc). Even layers above that are dissected (eg. SMB, FTP, HTTP, etc.), and in some cases even above that, allowing you to export objects and streams communicated with these protocols (eg. SMB, RTP voice, etc.). As soon as Wireshark knows about these protocols it tries to dissect them, given that dissection is properly configured. This varies per protocol and dissector. In short, the higher you come in the network stack, the less complete Wireshark is. It main strengths lay in the lower layer protocols. answered 08 Sep '16, 09:42  Jaap ♦ |
thank you , Is there any probability that OS is going to attached some headers with packets ? like at kernel side is it attach some own headers ?