Introduction to packet analysis

Written by yara, 4 years ago

Before you jump in, pick up a packet sniffer tool like Wireshark, and start looking for what's wrong in your network, you need to know the basics of how it all works under the hood.

1-- How Packet Sniffers Like Wireshark Work

  1. Collecting: First, the packet sniffer collects the traffic as raw binary data, which is not human-readable. Typically this happens when you switch your network card into listening mode so it can listen to this data (traffic).

  2. Conversion: Next, the captured binary data is converted into a readable form.

2-- How computers communicate

To be a packet sniffer wizard, you first need to understand how computers communicate and to know the layers in which they communicate, which are described by the seven-layer OSI model.

Protocols

Like the protocol observed around a queen, a network protocol is a set of rules that a computer uses to communicate with another computer, and there are a lot of protocols out there. Common protocols include Transmission Control Protocol (TCP), Internet Protocol (IP), Address Resolution Protocol (ARP), and Dynamic Host Configuration Protocol (DHCP). Protocols define how packets should be routed, how to initiate a connection, and how to acknowledge the receipt of data. A protocol can be extremely simple or highly complex.

3-- Seven-layer OSI model

Protocols are separated according to their functions based on the industry-standard OSI reference model. This hierarchical model, with seven distinct layers, is very helpful for understanding network communications.

We use the layer numbers to say where a problem is, which is why it is really important to understand them.

Note: the seven-layer model was published in 1983 by the International Organization for Standardization. The model is no more than an industry-recommended standard.

OSI model

The layers of the OSI model are traversed starting from either the physical layer or the application layer, depending on the direction; it works like a request and a response.

Physical layer (layer 1) The layer at the bottom of the OSI model is the physical medium through which network data is transferred. This layer defines the physical and electrical nature of all hardware used, including voltages, hubs, and network adapters.

Data link layer (layer 2) This layer provides a means of transporting data across a physical network. Its primary purpose is to provide an addressing scheme that can be used to identify physical devices (for example, MAC addresses). Bridges and switches are physical devices that operate at the data link layer.

Network layer (layer 3) This layer is responsible for routing data between physical networks.

Transport layer (layer 4) The primary purpose of the transport layer is to provide reliable data transport services to lower layers. It makes sure data arrives without errors; some proxies and firewalls operate at this layer.

Session layer (layer 5) This layer manages the dialogue, or session, between two computers. It establishes, manages, and terminates this connection among all communicating devices. The session layer is also responsible for establishing whether a connection is duplex (two-way) or half-duplex (one-way) and for gracefully closing a connection between hosts rather than dropping it abruptly.

Presentation layer (layer 6) This layer transforms the data it receives into a format that can be read by the application layer. The data encoding and decoding done here depends on the application layer protocol that is sending or receiving the data. The presentation layer also handles several forms of encryption and decryption used to secure data.

Application layer (layer 7) Finally, this is the top layer, which provides users with the interface that is the base for all of their network activities.
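
The "conversion" step from section 1, applied to layers 2 to 4 of the model above, as an added example that is not part of the original article. The frame bytes are constructed sample data, and the names decode, mac, FRAME and TCP_FLAGS are hypothetical.

```python
import struct

# Constructed sample frame (not captured traffic): Ethernet + IPv4 + TCP SYN.
# Checksums are left as zero and are not verified by this example.
FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"   # layer 2: dst MAC, src MAC, EtherType
    "45000028" "00014000" "4006" "0000"    # layer 3: ver/IHL, length, id, flags, TTL, proto, checksum
    "c0a80102" "c0a80101"                  # layer 3: source IP, destination IP
    "c350" "0050" "00000001" "00000000"    # layer 4: ports, sequence, acknowledgement
    "5002" "2000" "0000" "0000"            # layer 4: offset/flags, window, checksum, urgent
)
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward

def mac(b):
    """Format six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{x:02x}" for x in b)

def decode(frame):
    """Convert raw frame bytes into readable fields, keyed by OSI layer number."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {2: {"dst": mac(dst), "src": mac(src), "ethertype": hex(ethertype)}}
    if ethertype != 0x0800:                  # only IPv4 payloads are decoded further
        return out
    pkt = frame[14:]
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0  # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl or pkt[0] >> 4 != 4:
        raise ValueError("truncated or malformed IPv4 header")
    out[3] = {"src": ".".join(map(str, pkt[12:16])),
              "dst": ".".join(map(str, pkt[16:20])),
              "ttl": pkt[8], "proto": pkt[9]}
    seg = pkt[ihl:]                          # skip IP options, if any
    if pkt[9] == 6 and len(seg) >= 14:       # protocol 6 is TCP
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
        flags = [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)]
        out[4] = {"sport": sport, "dport": dport, "seq": seq, "flags": flags}
    return out

if __name__ == "__main__":
    for layer, fields in decode(FRAME).items():
        print(f"layer {layer}: {fields}")
```

The decoder stops at the last layer it recognises, so a non-IPv4 frame yields only the layer 2 fields, and a header that is cut short raises an error instead of producing misleading values.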

Q: Which layer of the OSI model does a VPN operate on?
