Hello, can you please let me know at which layer snoop captures packets? Is it after the physical layer or?
asked 21 Sep '12, 09:58
Is that "snoop" as in 'the Solaris (and IRIX?) packet analyzer named "snoop"' or "snoop" as in 'packet analyzers in general, including Wireshark'?
In either case, if you use the OSI model, the capturing is usually done at the data link layer, above the physical layer, at least for LAN traffic. For WANs it might be above some part of the data link layer; for example, ATM traffic might not capture each ATM cell individually, but might get an entire AAL5 PDU as a single reassembled frame, and PPP over a T-carrier or E-carrier link might show PPP frames without the underlying "HDLC-like framing".
answered 21 Sep '12, 11:49
Guy Harris ♦♦
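An added example, not part of the answer above: a capture file records which link-layer header each saved packet begins with, which is how a reader can tell at what point in the data link layer the capture was taken. The sketch below reads that field from a snoop (RFC 1761) or pcap file header; the function name is hypothetical, the type tables are small subsets, and the sample headers are constructed.

```python
import struct

# Subsets of the link-layer type tables (snoop: RFC 1761; pcap: LINKTYPE_ values).
SNOOP_DATALINK = {0: "IEEE 802.3", 2: "IEEE 802.5 Token Ring", 4: "Ethernet",
                  5: "HDLC", 8: "FDDI", 9: "Other"}
PCAP_LINKTYPE = {1: "Ethernet", 9: "PPP", 50: "PPP in HDLC-like framing",
                 100: "LLC-encapsulated ATM (AAL5 PDU)", 123: "SunATM (AAL5 PDU)"}
# pcap magic as it appears on disk -> struct byte-order prefix
# (second pair is the nanosecond-timestamp variant).
PCAP_MAGIC = {b"\xa1\xb2\xc3\xd4": ">", b"\xd4\xc3\xb2\xa1": "<",
              b"\xa1\xb2\x3c\x4d": ">", b"\x4d\x3c\xb2\xa1": "<"}


def capture_link_layer(header: bytes):
    """Return (file_format, link_type_number, name) from the start of a capture file."""
    if header[:8] == b"snoop\x00\x00\x00":
        if len(header) < 16:
            raise ValueError("truncated snoop header")
        # snoop header fields are always big-endian: version, then datalink type.
        version, datalink = struct.unpack(">II", header[8:16])
        if version != 2:
            raise ValueError(f"unsupported snoop version {version}")
        return "snoop", datalink, SNOOP_DATALINK.get(datalink, "unknown")
    order = PCAP_MAGIC.get(header[:4])
    if order is None:
        raise ValueError("not a snoop or pcap file")
    if len(header) < 24:
        raise ValueError("truncated pcap header")
    # Last field of the 24-byte pcap header; the link type is in its low 16 bits.
    (network,) = struct.unpack(order + "I", header[20:24])
    linktype = network & 0xFFFF
    return "pcap", linktype, PCAP_LINKTYPE.get(linktype, "unknown")


# Constructed sample headers (not taken from real captures).
SAMPLE_SNOOP = b"snoop\x00\x00\x00" + struct.pack(">II", 2, 4)
SAMPLE_PCAP_PPP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 9)

if __name__ == "__main__":
    for sample in (SAMPLE_SNOOP, SAMPLE_PCAP_PPP):
        print(capture_link_layer(sample))
```

A link type of 9 versus 50 in a pcap file is the PPP case from the answer: the same link captured without or with the HDLC-like framing.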