Skip to content

Packet Layers

OSI model overview🔗

The Open Systems Interconnection (OSI) model is a conceptual model created by the International Organization for Standardization which enables communication systems to communicate using standard protocols.

The OSI Model can be seen as a universal language for computer networking, which allows network traffic to be transferred and displayed between systems.

This conceptual model is broken down into seven abstract layers, each one stacked upon the last.

OSI model layers🔗

  • Application (Layer 7) - Displays the graphical User Interface (UI) - what the end-user sees
  • Presentation (Layer 6) - Formats data to achieve effective communication between networked applications
  • Session Layer (Layer 5) - Ensures connections between end-points are continuous and uninterrupted
  • Transports Layer (Layer 4) - Ensures error-free data transfer between each endpoint by processing TCP and UDP protocols. At this layer, Pyshark can be used to analyze TCP traffic between two IP addresses
  • Network Layer (Layer 3) - Ensures routing data for routers residing on this network are error-free
  • Data Link Layer (Layer 2) - Identifies physical servers through two sub-layers, Media Access Control (MAC), and Logical Link Control (LLC)
  • Physical Layer (Layer 1) - Comprised of all the physical hardware that processes network activity

OSI model layer protocol standards🔗

  • Application (Layer 7) - FTP, HTTP, POP3, SMTP, SNMP
  • Presentation (Layer 6) - ASCH, MPEG, SSL, TLS
  • Session Layer (Layer 5) - NetBIOS, SAP
  • Transports Layer (Layer 4) - TCP, UDP
  • Network Layer (Layer 3) - ARP, ICMP, IPSEC, IPV5, IPV6, MPLS
  • Data Link Layer (Layer 2) - ATM, Fiber Cable, Frame Relay, PPP, RAPA
  • Physical Layer (Layer 1) - ISDN, RS232, 100BaseTX

PyShark packet layer🔗

All packets processed with PyShark have layers, but these layers vary based on the packet type. These layers can be queried and the data elements within these layers can be extracted. Layer types can be accessed using the following parameter: 

import pyshark

capture = pyshark.LiveCapture(interface='your capture interface')
for packet in capture:
    layers = packet.layers
    print(layers)

Common Layers:🔗

  • ETH Layer - Ethernet
  • IP Layer - Internet Protocol
  • TCP Layer - Transmission Control Protocol
  • UDP Layer - User Datagram Protocol
  • ARP Layer - Address Resolution Protocol

Other Layers:🔗

  • BROWSER Layer - Web browser
  • DATA Layer - Normal data payload of a protocol
  • DB-LSP-DISC Layer - Dropbox LAN Sync Discovery
  • DHCP Layer - Dynamic Host Configuration Protocol
  • HTTP Layer - Hypertext Transfer Protocol
  • LLMNR Layer - Link-Local Multicast Name Resolution
  • MAILSLOT Layer - Mailslot protocol is part of the SMB protocol family
  • MSNMS Layer - Microsoft Network Messenger Service
  • NAT-PMP Layer - NAT Port Mapping Protocol
  • NBDGM Layer - NetBIOS Datagram Service
  • NBNS Layer - NetBIOS Name Service
  • SNMP Layer - Simple Network Management Protocol
  • SSDP Layer - Simple Service Discovery Protocol
  • TLS Layer - Transport Layer Security
  • XML Layer - Extensible Markup Language