Hey.

The figure below shows the request frame (from Wireshark) to the DNS server (my computer asks for the IP address that corresponds to google.ru). Why does a DNS query look like this?

I understand this: when data passes through the levels of the network model from top to bottom, a header is added to the data at each level of the TCP/IP stack. There are only 4 levels, so there should be 4 headers, but Wireshark shows 5. At the application level a DNS header is added, at the transport level a UDP header (contains the sender's and recipient's ports), at the Internet layer an IP header (contains the sender's and recipient's IP). What is this Frame 27 header for?

    1 answer

    This is information from Wireshark: the packet was captured, with such a size, such a number, on this interface, intact/damaged, and the like. The numbers are just a numbering from the start of the packet capture.

    That is, this is meta-information, which is added by Wireshark itself for convenience and further analysis. This information is not in the packet, or it is there "implicitly", for example the total size of the packet.

    • Thanks. I have already been told about this on another forum: the frame protocol is not a real protocol. It shows information from capturing, such as capturing. Pseudo dissector. - Dimon
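The split described in the answer above, as an added example that is not part of the original thread: a DNS query for google.ru is built with its four real headers, wrapped in a capture record, and dissected so that the "Frame" fields come only from the record and a counter, never from the packet bytes. The classic little-endian pcap record layout, the addresses, ports, transaction ID and timestamp are assumptions constructed for illustration.

```python
import struct

def build_frame(name):
    """Constructed sample: Ethernet + IPv4 + UDP + DNS query for `name` (checksums left 0)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 50000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 0, 2]), bytes([192, 168, 0, 1])) + udp
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    return eth + ip

def pcap_record(frame, ts_sec, ts_usec):
    """Per-packet pcap record header: written by the capture tool, never sent on the wire."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

def dissect(record, number):
    """Return (layers, wire_bytes). `number` is just the capture tool's running counter."""
    ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from("<IIII", record, 0)
    pkt = record[16:16 + incl_len]
    layers = {"Frame": {"number": number, "time": ts_sec + ts_usec / 1e6,
                        "captured_len": incl_len, "wire_len": orig_len}}
    # Everything below is read from the packet bytes themselves.
    layers["Ethernet"] = {"ethertype": struct.unpack_from("!H", pkt, 12)[0]}
    ihl = (pkt[14] & 0x0F) * 4
    layers["IPv4"] = {"proto": pkt[23], "src": ".".join(map(str, pkt[26:30])),
                      "dst": ".".join(map(str, pkt[30:34]))}
    udp_off = 14 + ihl
    sport, dport = struct.unpack_from("!HH", pkt, udp_off)
    layers["UDP"] = {"sport": sport, "dport": dport}
    i, labels = udp_off + 8 + 12, []          # skip UDP header and 12-byte DNS header
    while pkt[i]:                              # QNAME: length-prefixed labels, 0-terminated
        labels.append(pkt[i + 1:i + 1 + pkt[i]].decode())
        i += 1 + pkt[i]
    layers["DNS"] = {"id": struct.unpack_from("!H", pkt, udp_off + 8)[0],
                     "qname": ".".join(labels)}
    return layers, pkt

if __name__ == "__main__":
    record = pcap_record(build_frame("google.ru"), 1700000000, 250000)  # constructed timestamp
    layers, pkt = dissect(record, 27)
    for name, fields in layers.items():
        print(name, fields)
    print("bytes on the wire:", len(pkt), "| bytes in capture record:", len(record))
```

Changing the frame number or timestamp leaves the wire bytes untouched, which is why the fifth "header" does not count against the four-layer model.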