Hello, I am trying to understand how wirehark generates the 7 levels of ISA/OSI stack in the trace. Because after stack level 4 (trasport), how could I know if the "data" shown is level 5,6 or 7? For example, theoretically HTTP works on level 7, but in trace are only displayed: 1.Frame -> 2. Eth II -> 3.IPv4 -> 4. TCP -> 5.HTTP So, seems "session" and "presentation" are skipped? and in case trace of RTP, I can see: 1.Frame -> 2. Eth II -> 3.IPv4 -> 4. UDP -> 5.RTP According some info reported in internet, RTP works in level 5 while others report it works on level 7. Hence, would you please help me to understand how could I read the stack of ISA/OSI, by reading trace output of wirshark and the mechanism? Thanks! asked 24 Mar '12, 05:50  SchrodingerCat edited 24 Mar '12, 07:08 |
One Answer:
Not all protocol stacks strictly follow the OSI model, and different people might have different opinions about where protocols at layers above the transport layer belong in the OSI model. The OSI model isn't the only model; the TCP/IP model also exists, and puts everything above the transport layer at the application layer. answered 24 Mar '12, 10:05  Guy Harris ♦♦ |
Thanks, it's clear!
When someone successfully answers your question you're meant to accept the answer by clicking the "check". Thanks.