No network explanation is complete without mentioning the OSI layer model; while often over-used, understanding how the network stack operates remains useful.
The final layer is the application itself, such as a web server, email server, and so on. The application layer includes the actual data protocols being used (such as HTTP, SMTP, etc).
The presentation layer prepares data for applications, including compression, encryption, and so on.
Traditionally the session layer is responsible for opening and closing sessions, such as a file upload or a multi-requestion connection like HTTP2.
Above layer 4, many modern protocols begin to blur the lines between traditional layers.
The transport layer is responsible for establishing end-to-end communication between devices, retransmitting lost packets, and determining flow control and rates. Protocols such as TCP operate on the transport layer.
The network layer is responsible for passing packets between networks: routing and network address translation happens here, as well as IP addressing.
The layer at which data is encoded into packets and frames, error correction and handling, and transmission between equipment.
The actual physical equipment (switches, cables, and so on) as well as the actual digital encoding used to signal data.
Likely the most important take-away from the OSI layer model is that each layer is built on the layers below it, and that tools and devices which operate on one layer (such as a typical Ethernet bridge operating on layer 2) can not typically manipulate higher layers.
Thanks to this hierarchical model, modern network applications and protocols function across diverse networks: A web browser doesn't need to understand if it is communicating over Ethernet, Wi-Fi, TokenRing, or even carrier pigeon, so long as the lower layer is able to move data.
What it really means to us
Modern Internet protocols often blur the lines between the higher (layers 5, 6, and 7) abstractions: Traditional HTTP/1 and HTTP/2 operate over standard TCP streams, while the HTTP/3 QUIC protocol implements session and retransmission as part of the protocol itself.
Still, understanding how networks operate on multiple layers is crucial to understanding how the Packet Squirrel interacts with the network, how network manipulation is done, and what is possible.
The Packet Squirrel exists and operates on multiple network levels simultaneously, which allows some non-traditional network capture and manipulation.
Network bridging connects two or more separate network segments together to form a larger network. A network bridge works by forwarding data packets between different network segments based on their MAC (Media Access Control) addresses. Bridging typically occurs exclusively at the Data Link Layer (Layer 2) of the OSI stack.
When two separate network segments are bridged together, they are effectively combined into a single logical network. This can be useful in situations where you want to connect different types of network technologies together, such as Ethernet and Wi-Fi networks, or to extend the range of a wired network by connecting it to a wireless network.
To bridge two network segments together, you would typically need to install a network bridge device or software on a computer or router that has connections to both networks. The bridge device would then forward data packets between the two networks based on their MAC addresses.
When a data packet is received by the bridge device, it examines the MAC address of the packet to determine which network segment it belongs to. If the packet belongs to the same network segment as the bridge device, it is simply forwarded to its destination. However, if the packet belongs to a different network segment, the bridge device will forward the packet to the appropriate network segment.
Overall, network bridging provides a way to combine multiple network segments into a larger network, allowing devices on each segment to communicate with each other as if they were on the same network.
TRANSPARENT network modes, the Packet Squirrel operates as a Layer 2 bridge: Packets are copied from the Target to the Network ports. By manipulating the packet bridging rules, a payload can implement additional rules on when packets are copied between interfaces.
As a Layer 2 bridge, the Packet Squirrel is able to log all packets of any type crossing the device, but it is also able to leverage packet deciding and injection to respond to packets and influence higher layers of operation, such as injecting false DNS responses or terminating streams at layer 5.
Routing is the process of forwarding network traffic from one network to another, across various networking devices such as routers, switches, and firewalls.
Routing primarily takes place at the Network Layer (Layer 3) of the OSI model, which is responsible for logical addressing, routing, and forwarding of packets between networks. The network layer uses IP addressing to provide logical addressing and define a unique identifier for each device on the network. IP addressing is essential for routing because it allows routers to determine where to forward packets based on the destination IP address in the packet.
Routing interacts with other layers of the OSI model as well. For example, at the Data Link Layer (Layer 2), switches use MAC addresses to forward packets within a local network. However, when a packet needs to be forwarded to a different network, it is sent to a router, which examines the destination IP address and decides where to send it next. At the Transport Layer (Layer 4), routing can be used to load balance traffic across multiple paths and improve performance by distributing traffic evenly.
Routing is essential for communication between devices on different networks and interacts with other layers of the OSI model, such as the Data Link Layer (Layer 2) and the Transport Layer (Layer 4), to enable end-to-end communication.
NAT mode, the Packet Squirrel operates as a Layer 3 router; with the NAT translation, it also manipulates packets at Layer 4 and Layer 5, rewriting the IP and TCP headers.