Hi,
I read the following on wikipedia:
Preamble and start frame delimiter are not displayed by packet sniffing software because these bits are stripped away at OSI Layer 1 by the network interface controller before being passed on to the OSI layer 2 which is where packet sniffers collect their data. There are layer-2 sniffers which can capture and display the preamble and start frame delimiter but they are expensive and mainly used to detect physical related problems.
It says layer-2 sniffers can capture and display the preamble. This is contrast to my intuitive thinking about it. Higher OSI layer is far away from physical layer while Ethernet preample is the basic physical layer data. Can you confirm the above statement and explain it to me?
Thanks,