After a minute or so, stop the capture by clicking Capture on the menu bar and

f. Click the + sign next to Internet Control Message Protocol to expand it and display the contents. This should display information about the ICMP packet, such as the fact that it is a reply packet, the checksum, the sequence number, and so on.

g. Click the + sign next to Internet Protocol. This will show you the version of IP used (IPv4), the size of the packet, and the source and destination IP addresses for the embedded ICMP packet. Both the ICMP and IP pieces of information correspond to the network layer of the OSI model.

h. Now click the + sign next to Ethernet. This is the network architecture used on the data link layer. This field of information tells you the source and destination MAC addresses of the computers involved in the ping transaction.

i. Now click the + sign next to Frame (there will be a frame number next to the word "Frame"). This tells you the size of the frame captured, as well as when it was captured. These are the frames of information that the Wireshark application actually captures directly from the network adapter. Notice that the Ethernet frame is larger than the IP packet. That is because the IP packet is encapsulated into the frame.

The encapsulation process started when the command prompt sent a 32-byte ping (ICMP packet). This ping was then placed inside an IP packet with a total size of 60 bytes. The additional 28 bytes are known as layer 3 overhead, broken down between 20 bytes for the header (includes the IP source and destination addresses) and 8 bytes for additional overhead information (for example, a trailer or checksum). Then, the IP packet was sent to the network adapter, where it was placed inside a frame. The frame added its own layer 2 overhead, an additional 14 bytes (including the source and destination MAC address). This brought the grand total to 74 bytes, more than double what we started with. The frame was then sent out from the other computer's network adapter (in an effort to reply to the pinging computer) as a serial bit stream across the network medium on the physical layer. This is what happens with every single communication, and the OSI model, particularly the communications subnetwork (layers 1 through 3), helps us define what is happening behind the scenes by categorizing each step with a different layer.

Routers also reside on the network layer. Routers make connections between one or more IP networks. They are known as the gateway to another IP network, and you may utilize their IP address in the Gateway address field of a computer's IP Properties window to allow the computer access to other networks. Don't confuse this definition of a gateway with the application layer gateway that will be defined later.
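The encapsulation sizes walked through in step i above (32 + 8 + 20 + 14 = 74 bytes) can be reproduced by building and then dissecting an echo reply frame. This is an added example, not part of the original lesson; the MAC and IP addresses are constructed sample values, and the 8 bytes of ICMP overhead are modelled as the ICMP header (type, code, checksum, identifier, sequence number).

```python
import struct

# Constructed sample data (not from a real capture): a 32-byte ping payload.
PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
SRC_MAC, DST_MAC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
SRC_IP, DST_IP = bytes([192, 168, 1, 2]), bytes([192, 168, 1, 1])

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum used by both IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_reply_frame(payload: bytes) -> bytes:
    """Encapsulate payload -> ICMP echo reply -> IPv4 packet -> Ethernet II frame."""
    icmp = struct.pack("!BBHHH", 0, 0, 0, 1, 1) + payload  # type 0, code 0, id 1, seq 1
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 128, 1, 0,
                     SRC_IP, DST_IP)                        # TTL 128, protocol 1 = ICMP
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + ip + icmp

def dissect(frame: bytes) -> dict:
    """Peel the layers back off, in the order the Wireshark detail pane lists them."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if version != 4 or ip[9] != 1 or total_len > len(ip) or total_len - ihl < 8:
        raise ValueError("not a complete IPv4/ICMP packet")
    icmp = ip[ihl:total_len]
    icmp_type, _code, _csum, _ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "frame_bytes": len(frame), "ethernet_overhead": 14,
        "ip_packet_bytes": total_len, "ip_header_bytes": ihl,
        "icmp_header_bytes": 8, "payload_bytes": len(icmp) - 8,
        "icmp_type": icmp_type, "sequence": seq,
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
    }

if __name__ == "__main__":
    for field, value in dissect(build_echo_reply_frame(PAYLOAD)).items():
        print(f"{field:20} {value}")
```

A checksum computed over a header that already contains its correct checksum folds to zero, which is how the two `*_checksum_ok` fields validate the frame.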
Routers use protocols such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) to direct packets to other routers and networks.

UNDERSTANDING LAYER 3 SWITCHING

Switches also reside on the network layer. A layer 3 switch differs from a layer 2 switch in that it determines paths for data using logical addressing (IP addresses) instead of physical addressing (MAC addresses). Layer 3 switches are similar to routers; it's how a network engineer implements the switch that makes it different. Layer 3 switches forward packets, whereas layer 2 switches forward frames. Layer 3 switches are usually managed switches; the network engineer can manage them utilizing the Simple Network Management Protocol (SNMP), among other tools. This allows the network engineer to analyze all of the packets that pass through the switch, which can't be done with a layer 2 switch. A layer 2 switch is more like an advanced version of a bridge, whereas a layer 3 switch is more like a router. Layer 3 switches are used in busy environments in which multiple IP networks need to be connected together.

CERTIFICATION READY
Can you define the differences between layer 2 and layer 3 switches? 2.1

TAKE NOTE
There are many protocol analyzers available. Microsoft incorporates one called Network Monitor into Windows Server products.

■ Defining the Upper OSI Layers

THE BOTTOM LINE
The upper OSI layers are layers 4 through 7: the transport, session, presentation, and application layers. It is this portion of the OSI model that deals with protocols such as HTTP, FTP, and mail protocols. Compression, encryption, and session creation are also classified by these layers.

CERTIFICATION READY
How do you define the upper layers of the OSI model? 3.1

In the following exercises, you will do the following:

• Define the transport layer by showing connections in the command prompt and describing ports.
• Define the session layer by logging into Web sites and other servers, as well as logging on and off of Microsoft networks and email programs.
• Define the presentation layer by showing encryption in Windows and within Web sites.
• Define the application layer by capturing web server packets and analyzing them.

Layer 4 governs the transmission of messages through the communications subnetwork. Two common TCP/IP protocols that are utilized on this layer include the Transmission Control Protocol (TCP), which is a connection-oriented protocol, and the User Datagram Protocol (UDP), which is connectionless. An example of an application that uses TCP is a web browser, and an example of an application that uses UDP is streaming media. When you download a web page, you don't want to lose any packets of information because graphics would appear broken, certain text wouldn't read correctly, and so on. By using TCP, we ensure that data gets to its final destination. If a packet is lost along the way, it will be resent until the destination computer acknowledges delivery or ends the session. But with streaming media, we are either watching or listening in real time. So, if a packet is lost, we don't really care, because that time frame of the video or music has already passed. Once the packet is lost, we really don't want it back. Of course, if the packet loss becomes too severe, the streaming media will become incomprehensible.

Connection-oriented (also known as CO mode) communications require that both devices or computers involved in the communication establish an end-to-end logical connection before data can be sent between the two. These connection-oriented systems are often considered reliable network services. If an individual packet is not delivered in a timely manner, it is resent; this can be done because the sending computer established the connection at the beginning of the session and knows where to resend the packet.

In connectionless communications (CL mode), no end-to-end connection is necessary before data is sent. Every packet that is sent has the destination address located in its header. This is sufficient to move independent packets, such as in the previously mentioned streaming media. But if a packet is lost, it cannot be resent, because the sending computer never established a logical connection and doesn't know which logical connection to use to send the failed packet.

Layer 4 also takes care of the ports that a computer uses for data transmission. Ports act as logical communications endpoints for computers. There are a total of 65,536 ports, numbering between 0 and 65,535. They are defined by the Internet Assigned Numbers Authority (or IANA) and divided into categories as shown in Table 2-1.
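The difference between connection-oriented and connectionless transport described above can be observed on the loopback interface. This is an added example, not part of the original lesson; the function names and payloads are constructed for illustration, and nothing leaves the local host.

```python
import socket

LOOPBACK = "127.0.0.1"  # everything stays on this host; payloads are constructed samples

def unused_port(kind: int) -> int:
    """Let the OS pick a port, then release it so nothing is listening there."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]

def udp_send_no_listener(payload: bytes = b"video-frame-0001") -> int:
    """Connectionless: the destination is in each datagram, so sending needs no setup.
    Returns the bytes handed to the network even though nobody will receive them."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (LOOPBACK, unused_port(socket.SOCK_DGRAM)))

def tcp_send_no_listener(payload: bytes = b"GET / HTTP/1.1\r\n\r\n") -> int:
    """Connection-oriented: without an established connection no data is sent at all."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.connect((LOOPBACK, unused_port(socket.SOCK_STREAM)))
        except OSError:          # connection refused: no logical connection exists
            return 0
        return s.send(payload)

def tcp_send_with_listener(payload: bytes = b"GET / HTTP/1.1\r\n\r\n") -> bytes:
    """Once both ends hold the logical connection, the receiver gets the bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.bind((LOOPBACK, 0))
        server.listen(1)
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
            client.settimeout(2)
            client.connect(server.getsockname())   # connection is established here
            conn, _peer = server.accept()
            with conn:
                conn.settimeout(2)
                client.sendall(payload)
                return conn.recv(1024)

if __name__ == "__main__":
    print("UDP, no listener :", udp_send_no_listener(), "bytes sent")
    print("TCP, no listener :", tcp_send_no_listener(), "bytes sent")
    print("TCP, listener    :", tcp_send_with_listener())
```

The UDP sender reports success with no receiver present, which is why a connectionless sender has no way to know that a packet needs resending.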