Hi palermo,
So layer 2 will essentially always be ethernet for any networks you're likely to analyse captures from. In reality though it is simply the lowest level protocol for the communication (layer 1 being physical: radio, wired, microwave, optical fibre etc. and not really important from a software perspective).
An ethernet stack always starts with 6 bytes of destination mac, and then 6 bytes of source mac, the final two bytes indicate what protocol follows. This can be any one of a (very large) list of values - but the ones you're likely to find are (given here in big-endian network order as you'd see in wireshark): 0x0800 for IPv4, 0x8100 for VLan, 0x9100 for Double-Vlan (aka QinQ) (I don't remember what IPv6 is off the top of my head...but that should be in this list too).
As for the length of the IPv4 header, its minimum fixed length of 20 bytes is the what you'll see more than 99.99% of the time. However, you can determine exactly how long the header is by looked at the second
nibble (half a byte) of the first
byte of the header.
Typically IPv4 packets start with 0x45 - the 4 indicating that it is IPv4 and the 5 indicating the length coefficient. The value of 20 for the standard length is computed by taking the
5 and multiplying it by
4.
Since a header is always padded to a multiple of 4 bytes this equation holds true. For example, a header of length 32 would start 0x48.
Application Protocols are
conventionally determined by their source port yes. 80 = HTTP, 25 = SMTP, 161 = SNMP, 53 = DNS etc. however it is worth remembering that you can run a web server on port 12345 if you want to and it would make absolutely no difference - although there could well be technicalities from a firewall policy point of view, but theoretically it makes no difference.
Hope that helps, ordinarily I wouldn't answer homework questions on here but you appear to have done a certain degree of investigation yourself and if there is anything I believe in within the computing industry it is that knowledge should be shared at every opportunity for everyone's mutual benefit.
Best of luck,
Michael.
---------- Post added at 07:32 PM ---------- Previous post was at 07:27 PM ----------
Oh and by the way -
https://wireshark.org/ for everything you'll ever need on network packet analysis