Protocol layers and Wireshark
Rahul Hiran
TDTS11: Computer Networks and Internet Protocols
Textbook: “Computer Networking: A Top Down Approach”, by Jim Kurose and Keith Ross.
Note: The slides are adapted and modified based on slides from the book’s companion Web site, as well as modified slides by Niklas Carlsson.

What will I talk about?
• Short description from lecture 1 about computer networks
• Internet protocol stack
• How to see what the different stack layers do
• Using a network analysis tool called Wireshark

What’s the Internet (slide from lecture 1)
• millions of connected computing devices: hosts = end systems, running network apps
• communication links: fiber, copper, radio, satellite
• routers: forward packets (chunks of data)
[Figure: network diagram. Legend: PC, server, wireless laptop, cellular handheld, access points, wired links, router. Networks shown: Mobile network, Global ISP, Home network, Regional ISP, Institutional network.]

What’s a protocol? (slide from lecture 1)
human protocols:
• “what’s the time?”
• “I have a question”
• introductions
… specific msgs sent
… specific actions taken when msgs received, or other events
network protocols:
• machines rather than humans
• all communication activity in Internet governed by protocols
protocols define format, order of msgs sent and received among network entities, and actions taken on msg transmission, receipt

More about protocols
• Many protocols are involved in the working of a computer network
• There is an Internet protocol stack. A protocol normally belongs to one of the layers in the stack.
• Let us look at the airline functionality

Layering of airline functionality
• ticket layer: ticket (purchase) at the departure airport, ticket (complain) at the arrival airport
• baggage layer: baggage (check) at the departure airport, baggage (claim) at the arrival airport
• gate layer: gates (load) at the departure airport, gates (unload) at the arrival airport
• takeoff/landing layer: runway (takeoff) at the departure airport, runway (land) at the arrival airport
• airplane routing layer: airplane routing at the departure airport, at the intermediate air-traffic control centers, and at the arrival airport
Layers: each layer implements a service
• via its own internal-layer actions
• relying on services provided by layer below

Internet protocol stack
• application: supporting network applications (FTP, SMTP, HTTP)
• transport: process-process data transfer (TCP, UDP)
• network: routing of datagrams from source to destination (IP, routing protocols)
• link: data transfer between neighboring network elements (Ethernet, 802.11 (WiFi), PPP)
• physical: bits “on the wire”

Encapsulation

Wireshark
• How can we analyze the network data?
• Using tools such as Wireshark
• Wireshark: a network packet analyzer. A network packet analyzer tries to capture network packets and to display the packet data in as much detail as possible.
• Let us start Wireshark!

Start screen of Wireshark

Make your own capture or open existing trace files

Graphical User Interface

Reduce clutter
• Disable the checksum error messages from the View -> Coloring Rules… menu item
• Enter data in the filter to show only http packets
• Let us look at the example

After unnecessary data is removed

Let us look at the application level data

Internet protocol stack
• application: supporting network applications (FTP, SMTP, HTTP)
• transport: process-process data transfer (TCP, UDP)
  TCP is responsible for the establishment of a TCP connection, the sequencing and acknowledgment of packets sent, and the recovery of packets lost during transmission
• network: routing of datagrams from source to destination (IP, routing protocols)
• link: data transfer between neighboring network elements (Ethernet, 802.11 (WiFi), PPP)
• physical: bits “on the wire”

Encapsulation

TCP header

TCP header data in our packet

How to look at time/sequence plot
• Select tcp-ethereal-trace-1
• Filter by entering tcp
• Select TCP segment
• Go to Statistics -> TCP Stream Graph -> Time-Sequence Graph (Stevens)

Internet protocol stack
• application: supporting network applications (FTP, SMTP, HTTP)
• transport: process-process data transfer (TCP, UDP)
• network: routing of datagrams from source to destination (IP, routing protocols)
  The Internet layer is responsible for addressing, packaging, and routing functions.
• link: data transfer between neighboring network elements (Ethernet, 802.11 (WiFi), PPP)
• physical: bits “on the wire”

Encapsulation

Internet layer
• Let us first open ip-ethereal-trace-1
• And look at the first ICMP message
• We also look at the IP protocol header format

IP header

IP header in collected traces

Internet protocol stack
• application: supporting network applications (FTP, SMTP, HTTP)
• transport: process-process data transfer (TCP, UDP)
• network: routing of datagrams from source to destination (IP, routing protocols)
• link: data transfer between neighboring network elements (Ethernet, 802.11 (WiFi), PPP)
• physical: bits “on the wire”

What’s the Internet (slide from lecture 1)
• The network layer’s job is end-to-end movement of data from source to destination
• The link layer’s job is node-to-node movement of network-layer datagrams over a single link in the path
• Ethernet is quite a popular protocol
• Let us look at the header
[Figure: network diagram showing Mobile network, Global ISP, Home network, Regional ISP, Institutional network]

Ethernet header and trailer

Conclusion
• application: supporting network applications (FTP, SMTP, HTTP)
• transport: process-process data transfer (TCP, UDP)
• network: routing of datagrams from source to destination (IP, routing protocols)
• link: data transfer between neighboring network elements (Ethernet, 802.11 (WiFi), PPP)
• physical: bits “on the wire”

Conclusion

Questions…?

www.liu.se
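
The encapsulation the slides walk through in Wireshark (Ethernet header, then IP header, then TCP header, then HTTP data) can also be followed in code. The Python sketch below is an added example, not part of the original slides: it peels each header off a frame in that order and checks the IPv4 header checksum. The frame, its MAC and IP addresses, ports and host name are constructed sample values.

```python
import socket
import struct

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample_frame() -> bytes:
    """Constructed sample: Ethernet + IPv4 + TCP + HTTP request + 4 pad bytes."""
    http = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # src port, dst port, seq, ack, data offset (5 words), PSH+ACK, window,
    # TCP checksum (left as 0 in this constructed sample), urgent pointer
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 1,
                     0x4000, 64, 6, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.20"))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + http + b"\x00" * 4

def dissect(frame: bytes) -> dict:
    """Peel the headers off in order: link, network, transport, application."""
    if len(frame) < 54:
        raise ValueError("too short for Ethernet + IPv4 + TCP headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(frame) < 14 + ihl + 20 or frame[23] != 6:
        raise ValueError("bad IPv4 header or payload is not TCP")
    ip_hdr = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    t = 14 + ihl                              # offset of the TCP header
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", frame[t:t + 14])
    data_start = t + (off_flags >> 12) * 4    # data offset is in 32-bit words
    return {
        "link": {"src": src.hex(":"), "dst": dst.hex(":")},
        "network": {"src": socket.inet_ntoa(ip_hdr[12:16]),
                    "dst": socket.inet_ntoa(ip_hdr[16:20]),
                    "ttl": ip_hdr[8], "checksum_ok": ip_checksum(ip_hdr) == 0},
        "transport": {"sport": sport, "dport": dport, "seq": seq,
                      "flags": off_flags & 0x1FF},
        # Slice by the IP total length so link-layer padding is excluded.
        "application": frame[data_start:14 + total_len],
    }
```
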