Introduction to OSI model and Network Analyzer...

Networking Laboratory 1/56

Sungkyunkwan University

Copyright 2000-2015 Networking Laboratory

Introduction to OSI model

and

Network Analyzer :- Introduction to Wireshark

Syed Muhammad Raza – [email protected]


An Overview of ISO and its

7-Layer OSI Model


OSI Model (1/2)

ISO

► International Standards Organization

OSI

► Open Systems Interconnect


OSI Model (2/2)

Introduced in 1978 and revised in 1984

Formulates the communication process into structured layers

There are seven layers in the model, hence the name the 7-

Layer model

The model acts as a frame of reference in the design of

communications and networking products


Layers of OSI Model

7. Application

6. Presentation

5. Session

4. Transport

3. Network

2. Data Link

1. Physical


Division of Layers in OSI Model

Upper Layers

Lower Layers

Middle Layer

7. Application

6. Presentation

5. Session

4. Transport

3. Network

2. Data Link

1. Physical


Function of Layers in OSI Model

Each layer deals with one aspect of networking

► Layer 1 deals with the communication media

Each layer communicates with the adjacent layers

► In both directions

► Ex: Network layer communicates with:

Transport layer

Data Link layer

Each layer formats the data packet

► Ex: Adds or deletes addresses


Role of Layers in OSI Model

7. Application

6. Presentation

1. Physical

Node A

Data Out

Data In

To/from

Node B


Communication Between Layers (1/2)

7. Application

6. Presentation

5. Session

Data

Encapsulation

Data

Stripping


Communication Between Layers (2/2)

7. Application

1. Physical

7. Application

1.Physical

Node a Node b


Layer Operations in OSI Model

At each layer, additional information is added to the data packet

An example would be information related to the IP protocol that is

added at Layer 3


Formatting of Data Through the Layers

Application Header Presentation Header Session Header

Transport Header Network Header

Data Link Header and Trailer Physical Frame Preamble


Standardizing Packet Formatting

Packets must conform to a standard in order for the nodes in a

network to be able to communicate with one another

The International Standards Organization (ISO) has provided a

reference model

Standards are established for operations at each layer of the

ISO/OSI model in the form of protocols


OSI Model Explained

Animation Video

Explanation of operation and purpose of OSI Layer Model


OSI Model Explained

Animation Video


W I R E S H A R K


What is Wireshark ?

Formerly known as Ethereal

Wireshark is a GUI Network Protocol Analyzer

Display filters in Wireshark are very powerful

Follows the rules of the pcap library

0010100100101011101010101


Functions

Capturing network traffic from the interface

Decodes packets of common protocols

Displays the network traffic in human-readable format


Wireshark Startup


Screen Layout of Wireshark

The summary line, briefly describing what the packet is.

A protocol tree is shown, allowing you to drill down to exact protocol or field that you interested in.

a hex dump shows you exactly what the packet looks like when it goes over the wire.

Filename Of Current File


Edit -> Preferences ->Columns


Enable Protocols


Capture Options


Capture Options

To Specify the interface to be monitored

To Record all traffic even not for you

Only Capture part of the packet

To Store the result in file

Automatic Stop Condition

Only Capture certain packet


Start Capturing


Stop Capturing


Display Packet Captured

Frame #

Ethernet Header

Destination Mac Address Field in Ethernet Header


Column Sorting

Output is Sorted By Frame No By Default

Output is Sorted By Source Address


Conversation List


Saving Packets Captured


Capture Filters

The capture filter syntax follows the rules of the pcap

library

This syntax is different from the display filter syntax

Referring manual page of tcpdump

(http://www.tcpdump.org/tcpdump_man.html )

Sample filters:

► src ip 192.168.1.1

► ether src 00:50:BA:48:B5:EF


Capture Filters

A capture filter for HTTP than captures traffic to and from a

particular host

► tcp port 80 and host 10.10.10.5

A capture filter for HTTP than captures traffic not from a

particular host

► tcp port 80 and not host 10.10.10.5

A capture filter to and from an Ethernet address

► ether 00:00:01:01:02:22


Display Filters

C-like symbols, or through English-like abbreviations:

► eq, == Equal

► ne, != Not equal

► gt, > Greater than

► lt, < Less Than

► ge, >= Greater than or Equal to

► le, <= Less than or Equal to


Display Filters GUI

Quick Way to Learn Display

Filter Commands


Display Filters GUI

1.

2.

3.


Display Filters GUI


Follow TCP Stream


Follow TCP Stream

red - stuff you sent blue - stuff you get


Expert Info


Conversations


IOGraphs


Flow Graphs


HTTP Analysis


HTTP Analysis – Load Distribution


HTTP Analysis – Packet Counter


HTTP Analysis – Requests


And there is much much more which you should explore on

your own … Happy Exploring


Improving WireShark Performance

Don’t use capture filters

Increase your read buffer size

Don’t update the screen dynamically

Get a faster computer

Use a TAP

Don’t resolve names


Some Useful Information

Wireshark

http://www.wireshark.org

TCPDUMP MAN Page

http://www.tcpdump.org/tcpdump_man.html

IP Protocol

http://www.networksorcery.com/enp/protocol/ip.htm


Thank you

Introduction to OSI model and Network Analyzer...

Documents

Transcript of Introduction to OSI model and Network Analyzer...