Tracking OSI packets with Wireshark - wireshark

All the 7 layers of the OSI model work together to define to the endpoint what is the type of machine he is dealing with.
But I wonder why can't I detect a OSI packet with an software like wireshark? Because Wireshark should track every packet that goes to my machine, right? But I've never seen an "OSI packet" before.
Am I doing something wrong? Is my concept of OSI packets right?

Wireshark shows layers that are not exactly OSI or TCP/IP but a combination of both layers.
As Wireshark decodes packets at Data Link layer so we will not get physical layer information always.
But in some cases, capturing adapter provides some physical layer information and can be displayed through Wireshark.
Generally, we see layers whick do not exceed below layers:
- Physical Layer
- Data Link Layer
- Network Layer
- Transport Layer
- Application Layer
It should be noted that the layers is in reverse order different from OSI and TCP/IP model.
Refer to link for more details.

Related

TCP port and OSI model

There's something I don't understand about TCP/IP stack : ports.
There's an IP to identify a machine and port for a specific process on that machine.
For me ports have to do with application layer ; there are some ports for some process (80 for HTTP, 25 for SMTP etc...). Ports have nothing to do with TCP layer (transport). Ports should be implemented at a higher level (application layer). So why do you say "TCP port" and not "application port" ?
Thanks
TCP or UDP ports are defined in either layer 4 of the OSI model or layer 3 of the TCP/IP model, both are defined as the 'transport' layer.
OSI layer 5 'session layer' uses the ports defined in layer 4 to create sockets and sessions between communicating devices/programs/etc.
Reminder about OSI model:
It is a conceptual model. That means it describes an idealized, abstract, theoretical group of networking functions. It does not describe anything that someone actually built (at least nothing that is in use today).
It is not the only model. There are other models, most notably the TCP/IP protocol suite (RFC-1122 and RFC-1123), which is much closer to what is currently in use.
The most important things to understand about the OSI (or any other) model are:
We can divide up the protocols into layers
Layers provide encapsulation
Layers provide abstraction
Layers decouple functions from others
Dividing the protocols into layers allows us to talk about their different aspects separately. It makes the protocols easier to understand and easier to troubleshoot. We can isolate specific functions easily, and group them with similar functions of other protocols.
Each “function” (broadly speaking) encapsulates the layer(s) above it. The network layer encapsulates the layers above it. The data link layer encapsulates the network layer, and so on.
Layers abstract the layers below it. Your web browser doesn’t need to know whether you’re using TCP/IP or something else at at the network layer (as if there were something else). To your browser, the lower layers just provide a stream of data. How that stream manages to show up is hidden from the browser. TCP/IP doesn’t know (or care) if you’re using Ethernet, a cable modem, a T1 line, or satellite. It just processes packets. Imagine how hard it would be to design an application that would have to deal with all of that. The layers abstract lower layers so software design and operation becomes much simpler.

Start rails server with http protocol instead of TCP

I'm new to ruby and rails. I'm working on windows 10. Rails server is starting on tcp://0.0.0.0:3000 instead of http://localhost:3000. I'm using the following command.
rails server
When your Rails server says that it started on tcp://localhost:3000 , that actually means http://localhost:3030 , and on Windows machines you have to use http://127.0.01:3030 instead or else Windows messes it up somehow. Magic!
I think you are a bit confused with some basics in networks. I'll take the chance to clarify this to you.
Based on the Open Systems Interconnection model (OSI model) https://en.wikipedia.org/wiki/OSI_model
There are 7 layers to standardize the communication functions.
TCP is at Transport layer
The transport layer provides the functional and procedural means of transferring variable-length data sequences from a source to a destination host, while maintaining the quality of service functions.
The transport layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are state- and connection-oriented. This means that the transport layer can keep track of the segments and re-transmit those that fail delivery. The transport layer also provides the acknowledgement of the successful data transmission and sends the next data if no errors occurred. The transport layer creates segments out of the message received from the application layer. Segmentation is the process of dividing a long message into smaller messages.
OSI defines five classes of connection-mode transport protocols ranging from class 0 (which is also known as TP0 and provides the fewest features) to class 4 (TP4, designed for less reliable networks, similar to the Internet). Class 0 contains no error recovery, and was designed for use on network layers that provide error-free connections. Class 4 is closest to TCP, although TCP contains functions, such as the graceful close, which OSI assigns to the session layer. Also, all OSI TP connection-mode protocol classes provide expedited data and preservation of record boundaries. Detailed characteristics of TP0-4 classes are shown in the following table:
HTTP is at Application layer.
The application layer is the OSI layer closest to the end user, which means both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Such application programs fall outside the scope of the OSI model. Application-layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. The most important distinction in the application layer is the distinction between the application-entity and the application. For example, a reservation website might have two application-entities: one using HTTP to communicate with its users, and one for a remote database protocol to record reservations. Neither of these protocols have anything to do with reservations. That logic is in the application itself. The application layer per se has no means to determine the availability of resources in the network.
This means that TCP is not something else than HTTP. Basically, HTTP (Layer 7) is built on TCP/IP (Layer 4).
https://en.wikipedia.org/wiki/Transmission_Control_Protocol
https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

Simulating packet encapsulation

I am developing an application which aims to simulate a real network. In order to do this, I need to have detailed information about how a packet is formed in a system.
Imagine you have an application layer message and you want to encapsulate it in a transport layer payload and add a specific port number for desired process in the header, and then encapsulate it in network layer payload and add IP addresses.
My question is that
Where does the encapsulation of upper layer protocols' packets to lower layers happen?
Is network card driver responsible for that or some other part in OS? and if so, which part?
I just want to note that I’ve read computer networks: A top down approach and Foruzan's book on the subject but all the information there ,was so theoretical.
Thanks in advance.
If you are asking about a real implementation, usually every message of a layer is conveyed as the whole payload of the lower layer message. Talking about TCP/IP stack in an OS like Windows or Linux, without SSL/TLS, this depends on the types of sockets you use. Supposing you use TCP, STREAM sockets, the application layer message you send with send or write system calls will become the payload of the TCP message. The processing of a TCP segment and an IP datagram happens in the OS Kernel. The processing of a layer 2 frame happens part in the NIC's device driver (in the kernel) and part in the NIC hardware. This depends on the specific NIC.
Something else to add is that some NIC's are able to calculate the checksum of TCP segments and UDP datagrams. Then the kernel offloads this task to the NIC. Only the checksum.

Should I split data or allow fragmentation

I am preparing to write a program that will be sending/receiving UDP datagrams.
Here is my question:
Should I manage the data so that what I am sending will fit in a single datagram? Basically splitting the data within the application and then sending multiple datagrams. Or, should I allow the network to handle the fragmentation and reassembly?
I am assuming standard MTU size of 1500 bytes. In theory, the maximum UDP payload on top of IPv4 is 65507 bytes.
Performance/overhead info, best practices, and other information is appreciated.
IP stack layers (and OSI layers) are designed so that works in one layer are transparent to upper layers. So, initially, you don't have to worry about how you send the data. You should know only aspects related to UDP: connectionless, unreliable ... and shouldn't care about IP layer.
I cannot see any advantage in considering the MTU at a higher layer unless you have your own custom stack.

During transmissions over localhost which layers are used in OSI Model?

While transmiting data via localhost address or 127.0.0.1 which layers are used in the OSI model?
I believe communication starts through application layer and goes down till some layer but no data goes through physical layer, or does any?
Traffic to 127.0.0.1 will be looped back by the internet layer of the TCP/IP model, which is matched in the OSI model by the Network layer. This is the layer where routing and address resolution take place.
I believe (although I'd be happy to be corrected) that data may actually go down as far as Layer 2 ("Datalink Layer").
There's no need to add any protocol headers or encoding to handle loopback interfaces, but never-the-less the operating system will normally treat the loopback interfaces as if they were real interfaces, each with their own packet counters, etc.
There's no reason at all why a loopback interface can't be used for non-IPv4 protocols - indeed many current systems automatically put an IPv6 address on the loopback interfaces.
In that sense a loopback interface is just a "null" Layer 2 device.

Resources