OSI Layer 1: Network Interface Card raw data

In GNU/Linux, is there any way to see the ones and zeroes sent and received by the network interface card?

Yes, in GNU/Linux, it's possible to see the raw data, including the bits (1s and 0s) sent and received by a network interface card (NIC), although typically this data is captured and displayed in hexadecimal format for readability. To capture and analyze network traffic at such a low level, you would use packet sniffing and analysis tools. Here are a few methods and tools you can use:

1. Wireshark

Wireshark is a very powerful network protocol analyzer tool that can capture and display the packets traveling back and forth on a network in as much detail as you need. It provides a graphical interface along with detailed information about each packet captured, including headers and payload content in hexadecimal and ASCII formats. To see the actual binary data, you might need to convert the hexadecimal values to binary, which can be done within Wireshark or with external tools.

  • Installation: Wireshark can be installed from the official package repositories of most Linux distributions.

    sudo apt-get install wireshark
  • Usage: You can start a capture session on a specific interface via the Wireshark GUI or by using the tshark command-line interface that comes with Wireshark.

2. tcpdump

tcpdump is a command-line packet analyzer tool that allows you to capture or filter TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Captured data is typically displayed in hexadecimal format but can be dumped to a file for further analysis or conversion.

  • Installation: It's usually pre-installed on many Linux distributions, but if not, you can install it via your package manager.

    sudo apt-get install tcpdump
  • Usage: You can use tcpdump to capture packets on an interface and then use additional tools to convert the hexadecimal output to binary if needed.

3. Converting Hexadecimal to Binary

While tools like Wireshark and tcpdump display data in hexadecimal, you can convert this output to binary using various scripting languages (like Python) or command-line utilities (like xxd). This conversion is rarely done in practice for network analysis because hexadecimal is much easier to read and understand when dealing with network traffic.

Example with tcpdump and Conversion:

  1. Capture packets with tcpdump and save to a file:

    sudo tcpdump -i eth0 -w capture.pcap
  2. capture.pcap stores the captured packets as raw bytes; you can then use tools or scripts to display those bytes as hexadecimal or as binary digits if needed.

Remember, capturing and analyzing network traffic at the binary level is complex and typically more detailed than necessary for most network analysis and troubleshooting tasks. Hexadecimal representation is the standard method for these activities because it's more compact and easier to interpret for humans.
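One way to do the conversion in step 2, as an added example that is not part of the original answer: a Python script that reads the classic pcap format `tcpdump -w` writes and prints each captured frame as bits. The function names and the embedded sample frame are constructed for illustration; pass a real capture file as the first argument to use it on capture.pcap.

```python
import struct

# Classic pcap magic numbers as the four bytes appear on disk -> struct byte order
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def read_frames(data):
    """Yield (captured_bytes, original_length) for each record in a classic pcap byte string."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng, or truncated header?)")
    order = MAGICS[data[:4]]
    offset = 24  # the global file header is 24 bytes
    while offset + 16 <= len(data):
        # Per-record header: ts_sec, ts_frac, captured length, original length
        _sec, _frac, incl_len, orig_len = struct.unpack_from(order + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated packet record")
        offset += incl_len
        yield frame, orig_len

def to_bits(frame):
    """Render bytes as 8-bit groups, most significant bit first (written order, not wire order)."""
    return " ".join(f"{b:08b}" for b in frame)

def build_sample():
    """Constructed sample: one 14-byte Ethernet header (broadcast dst, made-up src, ARP type)."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806")
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    import sys
    # The capture holds link-layer frames as handed over by the driver,
    # not the preamble or line coding used on the physical medium.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for n, (frame, orig_len) in enumerate(read_frames(data), 1):
        print(f"frame {n}: {len(frame)} of {orig_len} bytes captured")
        print(to_bits(frame))
```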
