Wireshark (What is middle pane in Wireshark?)


As we mentioned in the previous post, we would cover the middle pane in Wireshark. In this post, I’ll briefly go over a few elements in each section of that pane.

But before that, I’d like you to review the OSI model (shown below).



You may be surprised, but the middle pane in Wireshark is actually organized in the same sequence as the OSI model — from bottom to top.


     
           Image source: Wireshark interface

I have randomly selected this packet — it’s a TCP packet. The packet is highlighted in red because the connection was reset (as indicated by the RST flag in the Info column). There could be a variety of reasons for this, but most commonly, it’s due to latency issues or an application crash.



 Image source: Wireshark interface

The first section is the Frame, which corresponds to the Physical layer of the OSI model. This is where the actual conversion of bits into electrical signals, light pulses, or radio waves occurs — depending on the medium you're using, such as Ethernet, fiber optic cable, or Wi-Fi.

In the Frame section, we can see the following:

  • Bytes on wire and bytes captured values. Sometimes, the bytes captured may be lower than the actual bytes on the wire.

  • Interface ID — the interface from which the packet was captured.

  • Additional metadata about the packet.



 Image source: Wireshark interface

The Ethernet section corresponds to the Data Link layer of the OSI model. There’s nothing IP-related here — only MAC addresses are visible, not IP addresses.

  • Destination MAC address — the MAC address of the server's (receiver's)network card.

  • Source MAC address — the MAC address of your own computer’s network card.



 Image source: Wireshark interface

The Internet Protocol section corresponds to the Network layer of the OSI model. This is where the actual network-related data is shown, such as:

  • Source IP address

  • Destination IP address

  • Header details, including the Time To Live (TTL) value, which decrements by one each time the packet passes through a router. If the TTL reaches zero, the packet is dropped.

  • Protocol, which in this case is listed as TCP


 Image source: Wireshark interface

The Transmission Control Protocol (TCP) section maps to the Transport layer of the OSI model. Here, we can see:

  • Source port

  • Destination port

  • Checksums (used for error checking)

  • Flags (used in the handshake process)

This was a brief overview of the middle pane section in Wireshark.

I know we didn’t cover all the details in each section, but if you have any questions or suggestions, feel free to post them in the comments below. Thank you!

SUBSCRIBE HERE FOR FUTURE POSTS

Comments

Post a Comment