Exam 312-50v11 topic 1 question 283 discussion

I always understood protocol analyzers to be a L2 thing, Wireshark etc. operate at L2 if we took that approach (L2 + L3) sure why not keep going and include L4, L5, L6, L7 in that statement? or to put it another way...if we operate at L3 then where does all the L2 info come from in a capture, huh? fact is we hoover up at L2 and we get to see the goodies from there up in analysis I suspect the thing that is confusing folks is that horrible terminology "Packet" vs "Frame" ignore that L2

Sniffers operate at the data link layer and can capture packets. (P.1105)

Sniffing at L2

No doubt about it.

Sniffing in the Data Link Layer of the OSI Model The OSI model describes network functions as a series of seven layers. Each layer provides services to the layer above and receives services from the layer below. The data link layer is the second layer of the OSI model. In this layer, data packets are encoded and decoded into bits. Sniffers operate at the data link layer and can capture packets from this layer. Networking layers in the OSI model are designed to work independently of each other; thus, if a sniffer sniffs data in the data link layer, the upper OSI layers will not be aware of the sniffing.

Sniffers operate at the data link layer of the OSI model. Ref: CEHv11 book page 1089

As sniffers gather packets at the data link layer, they can grab all the packets on the LAN of the machine running the sniffer program.

B is correct

B is correct. Sniffers operate at the data link layer of the OSI model. Module 08 Page 10.

C is correct - wireshark can see frames (layer 2) and packets (layer 3)

option B is the correct

I would say "C. Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model."