Viewing OSI layers on Wireshark

Wireshark is a great tool to see the OSI layers in action. I use a VM to start my Window 7 OS, and test out Wireshark, since I have a mac. I start Wireshark, then go to my browser and navigate to the google site.

In my Wireshark log, I can see several DNS requests to google. My computer at IP address 10.0.0.2 is querying the Domain Name Server to locate the IP address of google.com site. The “A” code means the request is for IPv4:

It may take several requests until the server finds the address. This is what a DNS response look like:

Once the server finds google.com, we get a HTTP response, which correspond to our OSI layer:

The HTTP is our Application layer, with its own headers. Let’s go through all the other layers:

Layer 4, the transport layer

Layer 3, the network layer (or the internet layer in TCP/IP)

Layer 2, the DataLink Layer

Layer 1, the Physical Layer