Here are a few good links you should review to learn about Wireshark:
In this class we will cover modern networking systems. We will study Ethernet and IP version 4 in depth. We will also study IP transport protocols (TCP/UDP/ICMP), DHCP, DNS and Network Address Translation. We will touch on routing protocols, WAN technologies, VPNs, firewalls, and IP Multicast. You will also learn about IP addresses, subnetting, and designing and documenting an IP network.
Here is a Wikipedia page on the OSI layers: Wikipedia page on OSI model
Here is a Wikipedia page on the TCP/IP layers: Wikipedia page on TCP model
OSI layer number | OSI name | Use in the Ethernet TCP/IP world |
---|---|---|
one | physical | ETHERNET |
two | datalink | ETHERNET |
three | network | IP |
four | transport | TCP/UDP |
five | session | TCP/UDP/APPLICATION |
six | presentation | APPLICATION |
seven | application | APPLICATION |
Think of moving down the stack, from the highest level - the application to the lowest level - the physical network, as putting headers and trailers on the data that specify the source and destination, and provide data integrity checks.
The reverse happens as the data arrives at the destination. As it moves up the stack the headers and trailers are verified, used to specify destination and then removed. The original data arrives at the destination.
On the way out from source:
Layer | Data frame |
---|---|
7 | [DATA] |
6 | [L7header][DATA][L7trailer] |
5 | [L6header][L7header][DATA][L7trailer][L6trailer] |
4 | [L5header][L6header][L7header][DATA][L7trailer][L6trailer][L5trailer] |
3 | [L4header][L5header][L6header][L7header][DATA][L7trailer][L6trailer][L5trailer][L4trailer] |
2 | [L3header][L4header][L5header][L6header][L7header][DATA][L7trailer][L6trailer][L5trailer][L4trailer][L3trailer] |
1 | [L2header][L3header][L4header][L5header][L6header][L7header][DATA][L7trailer][L6trailer][L5trailer][L4trailer][L3trailer][L2trailer] |
On the way in at destination:
Layer | Data frame |
---|---|
1 | [L2header][L3header][L4header][L5header][L6header][L7header][DATA][L7trailer][L6trailer][L5trailer][L4trailer][L3trailer][L2trailer] |
2 | [L3header][L4header][L5header][L6header][L7header][DATA][L7trailer][L6trailer][L5trailer][L4trailer][L3trailer] |
3 | [L4header][L5header][L6header][L7header][DATA][L7trailer][L6trailer][L5trailer][L4trailer] |
4 | [L5header][L6header][L7header][DATA][L7trailer][L6trailer][L5trailer] |
5 | [L6header][L7header][DATA][L7trailer][L6trailer] |
6 | [L7header][DATA][L7trailer] |
7 | [DATA] |
Also note that the OSI model is just that, a model. In the real world exactly which function is performed at which layer can be somewhat fuzzy. For example, ICMP can be thought of as an in-band layer 3 signaling protocol or a layer 4 transport protocol.
As packets enter a system, at each layer boundary there will be some key which specifies which software subsystem should be used to process the next layer. This key is usually in the header of the current layer. For example, as an Ethernet II frame arrives at a machine the Ethernet header will be removed, but the protocol field will tell where to send the data contents of the Ethernet frame. If it is 0x0806 then the contents are an ARP packet and will be passed to the ARP subsystem. If it is 0x0800 the contents are an IP packet and will be passed to the IP subsystem.
Likewise, as a packet arrives at the IP subsystem, the IP header will be removed, but the protocol field of the IP header will tell the IP subsystem which IP protocol will handle the packet next. If protocol=6 then TCP handles it. If protocol=17 then UDP.
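The two demultiplexing steps described above, written out as a small parser. This is an added example, not part of the original course notes; the function names, MAC addresses and IP addresses are constructed for illustration. It also shows the length and header checks a receiver needs before trusting either key field.

```python
import struct

# Demultiplexing keys named in the text above
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}
IP_PROTOCOLS = {6: "TCP", 17: "UDP"}


def demux(frame: bytes) -> list:
    """Return the chain of subsystems that would handle an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    # Ethernet II header: 6-byte destination MAC, 6-byte source MAC, 2-byte type
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]          # header removed, contents passed up
    chain = ["ETHERNET"]
    nxt = ETHERTYPES.get(ethertype)
    if nxt is None:
        return chain + ["unknown ethertype 0x%04x" % ethertype]
    chain.append(nxt)
    if nxt != "IP":
        return chain              # ARP goes to the ARP subsystem
    if len(payload) < 20:
        raise ValueError("truncated IP header")
    version, ihl = payload[0] >> 4, (payload[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(payload):
        raise ValueError("malformed IPv4 header")
    proto = payload[9]            # protocol field of the IPv4 header
    chain.append(IP_PROTOCOLS.get(proto, "unknown IP protocol %d" % proto))
    return chain


def build_frame(ethertype: int, payload: bytes) -> bytes:
    """Constructed sample frame with made-up MAC addresses."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload


def build_ipv4(proto: int, data: bytes = b"") -> bytes:
    """Constructed minimal 20-byte IPv4 header (checksum left as zero)."""
    total = 20 + len(data)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + data


if __name__ == "__main__":
    print(demux(build_frame(0x0800, build_ipv4(6))))   # ['ETHERNET', 'IP', 'TCP']
    print(demux(build_frame(0x0800, build_ipv4(17))))  # ['ETHERNET', 'IP', 'UDP']
    print(demux(build_frame(0x0806, b"\x00" * 28)))    # ['ETHERNET', 'ARP']
```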
The IETF (Internet Engineering Task Force) publishes the RFC documents which set most Internet standards.
http://www.rfc-editor.org/
Internet Requests For Comments. Documents which specify many Internet protocols.
Here is a listing of all current Official Internet Standards, including Best Current Practice -
http://www.rfc-editor.org/rfcxx00.html
The IEEE (Institute of Electrical and Electronics Engineers) publishes the 802 standards which define Ethernet (802.3 and others).
http://www.ieee802.org/
1969 4 hosts on ARPAnet (UCSB, SRI, UCLA, U of Utah) (NCP precursor to TCP/IP)
1970s more research hosts connect
1974 TCP protocol described in a paper by Vint Cerf and Bob Kahn
1976 Bob Metcalfe develops Ethernet
1981 RFCs defining IP (RFC 791), ICMP (RFC 792), and TCP (RFC 793) released
1981 plan to convert ARPAnet from NCP to TCP/IP (RFC 801)
1983 ARPAnet cutover completed from NCP to TCP/IP - Birth of the Internet as we know it
1984 DNS system introduced
1986 NSFnet commissioned
1988 Morris Worm
1991 WWW invented at CERN
1993-1995 commercialization of Internet
1995 NSFnet shuts down - VBNS starts up
1998 Abilene/Internet2 network starts up
2004 National Lambda Rail starts up