Where do virtual networking adaptors and software like WinPcap fall into the OSI model?

2

My question is about networking software and where it inputs and outputs. I kind of understand the OSI model, but what I don’t really understand is where virtual network adapters and software like WinPcap and firewalls fall into it.

[Image: OSI model]

What I'm thinking is (and I'm usually wrong so please correct me):

WinPcap is software to read (not delete or modify normal network traffic) and do its own thing with that data at the data link layer? For example, when a web request is sent from your router to your PC, the data travels like this:

  1. (physical) traffic from router is sent through Ethernet cable
  2. (physical) Ethernet interface network adapter and driver
  3. (data link) MAC sees what device it is
  4. (data link) LLC flow control data checks
  5. (data link) WinPcap reads data here?
  6. (network) IP is read here
  7. (transport) TCP/UDP is handled here
  8. (session) application connection and ports here
  9. (syntax) ASCII encoding/decoding
  10. (application) HTTP

The case with virtual adapters is they are tricking the system into running the data through two physical adapters; however, one isn't actually physical, it's software to encrypt data (possibly something else). So for example:

  1. (physical) traffic from router
  2. (physical) Ethernet interface network adapter
  3. (physical) virtual network adapter
  4. (data link) MAC
  5. (data link) LLC
  6. (network) IP
  7. (transport) TCP
  8. (session) application connection and ports
  9. (syntax) ASCII encoding/decoding
  10. (application) HTTP

With a well-designed firewall it intervenes in multiple places like:

  4. MAC
  6. IP
  7. TCP
  8. application and ports
  10. HTTP

user672700

Posted 2016-12-08T02:47:06.557

Reputation: 21

Generally asking for reading material would be off-topic. It's not entirely clear what your real question is. A piece of software can handle multiple layers at once or they might as well not be existent - Think about TCP/UDP and sessions.

– Seth – 2016-12-08T07:23:01.167

Answers

1

Not everyone uses the 7 layer model these days, and it's worth considering that all these models are abstractions. There's a 4 layer model that covers the same ground and...

[Image]

There we are, taken from TechNet.

Your "virtual" network adaptors are essentially physical layer devices that aren't actually physical, using an Ethernet data-link layer to talk to another device that's not actually physical (also see tap/tun devices). The DARPA/TCP/IP protocol architecture layer description of it being a network layer device makes sense.

Packet sniffers... don't really fit that well. They essentially are shoulder surfing the network traffic, with drivers that let them snoop on network traffic. They don't really do any application layer protocols on their own either, and are pretty much not on either model.

At the end of the day, the OSI and even TCP/IP models are more of a pedagogical tool than something that's written in stone. I prefer the 4 layer model since it's closer to reality, but even then, you're going to run across things that don't fit that well.

Journeyman Geek

Posted 2016-12-08T02:47:06.557

Reputation: 119 122
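
An added illustration, not part of the original question or answer: a capture library hands the sniffer a copy of the raw link-layer frame, and the sniffer itself decodes every layer above that point. The frame, addresses and function names below are constructed for this example.

```python
import struct

def build_frame():
    """Constructed sample frame: Ethernet II / IPv4 / TCP / HTTP (checksums left 0)."""
    http = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # dst, src, IPv4
    return eth + ip + tcp + http

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def dissect(frame):
    """Walk a raw link-layer frame upward; return (layer, summary) pairs."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = [("data link", f"{mac(frame[6:12])} -> {mac(frame[0:6])}")]
    if ethertype != 0x0800:          # not IPv4: nothing above that we decode here
        return layers
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total < ihl or total > len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    addr = lambda b: ".".join(map(str, b))
    layers.append(("network", f"{addr(ip[12:16])} -> {addr(ip[16:20])}"))
    if ip[9] != 6:                   # protocol 6 = TCP
        return layers
    tcp = ip[ihl:total]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    offset = (tcp[12] >> 4) * 4
    if offset < 20 or offset > len(tcp):
        raise ValueError("bad TCP data offset")
    sport, dport = struct.unpack("!HH", tcp[0:4])
    layers.append(("transport", f"tcp {sport} -> {dport}"))
    if tcp[offset:]:                 # bytes the application protocol owns
        line = tcp[offset:].split(b"\r\n", 1)[0].decode("ascii", "replace")
        layers.append(("application", line))
    return layers

if __name__ == "__main__":
    for layer, summary in dissect(build_frame()):
        print(f"{layer:12} {summary}")
```

The length checks matter in a real sniffer because captured frames can be truncated by the snapshot length or malformed on the wire.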