Analyzing a TCP/IP trace with respect to the OSI model - TCP-IP


  1. Analyzing a TCP/IP trace with respect to the OSI model

    Gurus,

    When analyzing a TCP/IP trace, within your favorite capture program, usually
    there's an order in the bottom pane of the program like this:

    +Frame #
    +Ethernet II
    +Internet Protocol
    +Transmission Control Protocol
    +

    You expand the "+" signs and get more detail on that part of the packet. Is
    the order breakdown above b/c that is the layer order of the Network OSI
    model? I.e., Physical (Frame #); Data Link (Type of network i.e. Ethernet,
    Ethernet II, or Token Ring et al.); Network (IP or ICMP); Transport (TCP or
    UDP); Session, Presentation and Application (Services like FTP).

    --
    Spin


  2. Re: Analyzing a TCP/IP trace with respect to the OSI model

    On Sat, 16 Aug 2008 13:07:41 -0400, Spin wrote:

    > Gurus,
    >
    > When analyzing a TCP/IP trace, within your favorite capture program,
    > usually there's an order in the bottom pane of the program like this:
    >
    > +Frame #
    > +Ethernet II
    > +Internet Protocol
    > +Transmission Control Protocol
    > +
    >
    > You expand the "+" signs and get more detail on that part of the packet.
    > Is the order breakdown above b/c that is the layer order of the Network
    > OSI model? I.e., Physical (Frame #); Data Link (Type of network i.e.
    > Ethernet, Ethernet II, or Token Ring et al.); Network (IP or ICMP);
    > Transport (TCP or UDP); Session, Presentation and Application (Services
    > like FTP).


    Not at all and yes.

    It's the layering present in the tcp/ip stack, which is somewhat like,
    but not the same as OSI layering. Layers 1 and 2 are the same, layer 3
    more or less the same, same for layer 4, above that, no similarity.

    M4

  3. Re: Analyzing a TCP/IP trace with respect to the OSI model

    Ah yes, RFC 1122, October 1989. http://tools.ietf.org/html/rfc1122

    +Ethernet II...Link Layer
    +Internet Protocol...Internet Layer
    +Transmission Control Protocol...Transport Layer
    +...Application Layer.
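
As an added illustration (not part of any poster's message), this Python sketch dissects a constructed Ethernet II frame in on-wire order and labels each header with the RFC 1122 layer names from the mapping above. The function name `dissect`, the sample frame and its addresses are assumptions made for the example.

```python
import struct

ETH_LEN, ETHERTYPE_IPV4 = 14, 0x0800
TRANSPORT = {6: "Transmission Control Protocol", 17: "User Datagram Protocol"}

def dissect(frame: bytes):
    """Return [(header, RFC 1122 layer, length in bytes)] in on-wire order."""
    if len(frame) < ETH_LEN + 20:
        raise ValueError("frame too short for Ethernet II + IPv4")
    layers = [("Ethernet II", "Link Layer", ETH_LEN)]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return layers                      # other network protocols not handled here
    off = ETH_LEN
    version, ihl = frame[off] >> 4, (frame[off] & 0x0F) * 4
    (total_len,) = struct.unpack_from("!H", frame, off + 2)
    end = off + total_len                  # bytes past this are Ethernet padding
    if version != 4 or ihl < 20 or total_len < ihl or end > len(frame):
        raise ValueError("malformed or truncated IPv4 header")
    layers.append(("Internet Protocol", "Internet Layer", ihl))
    proto = frame[off + 9]
    off += ihl
    if proto not in TRANSPORT:
        return layers                      # e.g. ICMP rides directly on IP
    min_hdr = 20 if proto == 6 else 8      # TCP minimum vs. fixed UDP header
    if end - off < min_hdr:
        raise ValueError("truncated transport header")
    # TCP carries its own header length (data offset, in 32-bit words).
    hdr = (frame[off + 12] >> 4) * 4 if proto == 6 else 8
    if hdr < min_hdr or end - off < hdr:
        raise ValueError("bad transport header length")
    layers.append((TRANSPORT[proto], "Transport Layer", hdr))
    off += hdr
    if end > off:                          # whatever is left belongs to the application
        layers.append(("Data", "Application Layer", end - off))
    return layers

# Constructed sample: one FTP command in a TCP segment (checksums left at 0).
PAYLOAD = b"USER anonymous\r\n"
SAMPLE_FRAME = (
    bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(PAYLOAD), 0, 0, 64, 6, 0,
                  bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    + struct.pack("!HHIIBBHHH", 49152, 21, 0, 0, 0x50, 0x18, 8192, 0, 0)
    + PAYLOAD
)

if __name__ == "__main__":
    for name, layer, size in dissect(SAMPLE_FRAME):
        print(f"+{name}...{layer} ({size} bytes)")
```
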

  4. Re: Analyzing a TCP/IP trace with respect to the OSI model

    On Aug 16, 2:21 pm, Martijn Lievaart wrote:

    > It's the layering present in the tcp/ip stack, which is somewhat like,
    > but not the same as OSI layering. Layers 1 and 2 are the same, layer 3
    > more or less the same, same for layer 4, above that, no similarity.


    This topic crops up from time to time.

    You have named 5 of the 7 layers as being essentially the same,
    between what RFCs list and what the ISO/OSI model lists. The two
    missing layers, session and presentation, do they "not exist," or are
    they "different," or are they merely not mentioned explicitly in RFCs,
    but instead subsumed as part of the application layer?

    I say, the latter.

    For instance, something must launch the session. And perhaps,
    something is also there to repair that session if a lower layer breaks
    it. The sort of thing that happened a lot in the days of dialup
    Internet access, when clever FTP applications did not force the user
    to start a laborious download from scratch when the phone line got
    hung up unexpectedly.

    The presentation layer function, agreement on the way the data are
    coded and scaled, does it not exist, or is it an intrinsic component
    of the application?

    Bert

  5. Re: Analyzing a TCP/IP trace with respect to the OSI model

    On Sun, 17 Aug 2008 14:13:06 -0700, Albert Manfredi wrote:

    > On Aug 16, 2:21 pm, Martijn Lievaart wrote:
    >
    >> It's the layering present in the tcp/ip stack, which is somewhat like,
    >> but not the same as OSI layering. Layers 1 and 2 are the same, layer 3
    >> more or less the same, same for layer 4, above that, no similarity.
    >
    > This topic crops up from time to time.
    >
    > You have named 5 of the 7 layers as being essentially the same, between
    > what RFCs list and what the ISO/OSI model lists. The two missing layers,
    > session and presentation, do they "not exist," or are they "different,"
    > or are they merely not mentioned explicitly in RFCs, but instead
    > subsumed as part of the application layer?
    >
    > I say, the latter.


    I agree on that, although I have doubts on the actual usability of those
    layers in practice. In abstract, no problem, but in practice, things tend
    to be a little more complicated.

    I think the best course of action is to discard the whole notion of
    layers 5 and 6. Yes, you need sessions and presentation, but if you keep
    too tightly to the OSI model you will try to fit existing software and new
    developments into this model when it is inappropriate (which is nearly
    always).

    OSI is dead. Not only because the actual stack was impossible to
    implement, but also because the layering model does not fit both existing
    and emerging software. Drop it, eradicate it from your memory, don't
    bother. Just keep it at the back of your mind, as the concepts are
    important, but the actual layering sucks.

    M4
