
Wireshark packet capture to and from






Have you ever been in a difficult position as a Network Engineer where you keep troubleshooting a problem but you are not making headway? In certain instances like that, you just wish you could see what is really happening with each packet in the traffic flow. If you are on a Cisco router, you may want to use the debug ip packet IOS command, but then you have probably heard (and experienced?) that turning on debugging on a production network can have serious performance impacts. So what do you do in times like that when you feel your hands are tied?

With packet capture, you can look into individual packets as they flow across a network and use the information gleaned from this process for several purposes – whether you are trying to investigate high bandwidth usage or monitor your network for suspicious traffic – we'll see the benefits of this as we continue with our lab. In this article, we will discuss packet capture in detail by looking at its uses, the challenges associated with capturing packets, and tools that can help with packet capture. We will also configure a lab that focuses on capturing packets with Wireshark and analyzing the packets we sniffed to understand what they are doing.

What is a “Packet”?

Before we continue in this article, let’s first talk about what we mean by “packets”. If you have been in the networking world for even a short while, then you will be familiar with the OSI model: 7 layers, from the Application layer down to the Physical layer.

So what happens when two devices on a network want to communicate? Let’s take the example of a client that wants to access a particular page on a web server. From a high level, the client will make an HTTP request for that particular page on the web server. However, for that HTTP request to get to the server, the data needs to be “encapsulated” across the various layers of the OSI model. For example, the HTTP request will be encapsulated in a TCP header, and then an IP header, and then becomes an Ethernet frame, until it is sent out over the wire to the server. The server will then perform the reverse process (decapsulation) until it retrieves the HTTP request from the client and then processes it.

Note: This is an oversimplification of the process. Before the HTTP request can be sent, other forms of communication like ARP and the TCP handshake will have taken place.

In most cases, several “packets” will be sent between the client and the server to form the communication/conversation between these devices. What packet capture does is to capture each packet that makes up the conversation so that these packets can be looked into at a deeper level.

Note: In networking terminology, we call data at the transport layer a segment, data at the network layer a packet, and data at the data link layer a frame.







