Packets and Networking

Hey guys,

I'm just brushing up on my networking knowledge,

So the OSI has 7 layers, I read that at each layer headers will be encapsulated to the PDU, but when I open up Wireshark and examine network traffic coming and going to my computer I see many different protocols such as DNS, ARP, TCP, UDP, HTTP etc.

What I don't get is how so many packets are being sent. I read that each layer encapsulates a header, so let's say that we want to send HTTP data: is an HTTP packet sent alone with all the other data from the other layers wrapped in it?

This is hard to explain, so sorry if I'm not making sense. When that HTTP packet is sent, in Wireshark as mentioned I also see many other packets associated with that HTTP packet such as TCP and probably other protocols too, so when they say at each layer a header is added, is each protocol added to the same packet? Or are these headers sent separately?

Or should I say, how come I also see IP, TCP packets in Wireshark, not only HTTP (from the HTTP request / response)?

thanks
An HTTP packet is PhysicalProtocol(Ethernet*(IP(TCP(HTTP)))) (*Ethernet is the most common case for layer 2, but a different protocol may be used, for example in the case of WLAN). However, to fulfill a complete HTTP request the host may need to send several packets besides just the ones for the HTTP request proper.

Let's assume that you want to make a request to example.com. First of all we'll assume that the host has already negotiated with the network (probably via DHCP) to obtain the DNS and IP address of the gateway.
1. Does the host know the MAC address of the gateway? If not, it will need to make an ARP lookup on the corresponding network segment.
2. Does the host know the IP address of example.com? If not, it will need to make a name lookup to the DNS.
3. Only now is the HTTP client able to send the request proper.

Also, you don't specify whether you're doing any kind of filtering on Wireshark. By default, Wireshark will log all network activity on the specified NIC. On any modern system with just one NIC this will include a lot of traffic that will probably be irrelevant to what you want to find out, so it's usually important to at least filter by protocol or port (in the case of TCP and UDP).
Thanks helios, that makes sense.

I had a filter to capture the particular HTTP session. I am also guessing that the TCP packets will also be sent to establish a connection before sending the HTTP packets to the server.
Yes, that's correct.
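
The nesting described in the thread, Ethernet(IP(TCP(HTTP))), and the connection-setup segments that carry no HTTP at all, shown as an added Python example that is not part of the original posts. The frames, addresses and ports are constructed sample values, checksums are left at zero, and the HTTP check is a simple prefix match rather than Wireshark's own dissector logic.

```python
import struct

def build_frame(payload: bytes, flags: int) -> bytes:
    """Constructed sample: Ethernet II + IPv4 + TCP (+ payload), checksums 0."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, flags, 64240, 0, 0)
    return eth + ip + tcp + payload

def dissect(frame: bytes):
    """Peel one header per layer; return (layer names, innermost payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    layers = ["Ethernet"]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # EtherType: not IPv4
        return layers, frame[14:]
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                              # IPv4 header length
    total_len = struct.unpack("!H", ip[2:4])[0]
    layers.append("IPv4")
    if ip[9] != 6:                                        # protocol field: not TCP
        return layers, ip[ihl:total_len]
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    layers.append("TCP")
    data = tcp[(tcp[12] >> 4) * 4:]                       # skip TCP header
    # Simplified HTTP detection (assumption): prefix match on the TCP payload.
    if data.startswith((b"GET ", b"POST ", b"HTTP/")):
        layers.append("HTTP")
    return layers, data

# Constructed frames: a handshake SYN and the later request on the same connection.
SYN = build_frame(b"", 0x02)
REQUEST = build_frame(b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", 0x18)

if __name__ == "__main__":
    for name, frame in (("SYN", SYN), ("REQUEST", REQUEST)):
        layers, data = dissect(frame)
        print(f"{name}: {len(frame)} bytes, one frame, layers={' > '.join(layers)}")
```

Both frames are single units on the wire; a capture tool labels each by the innermost protocol it finds, which is why the SYN shows up as TCP and the request as HTTP.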