While the OSI model is theoretical, the TCP/IP suite is what actually runs the internet. Every packet you analyze in Wireshark maps directly to these four operational layers.
The Link layer handles local MAC addressing, while the Internet layer (IP) manages logical routing across disparate networks. Security here focuses on routing integrity and local access control.
💡 Pro-tip: IP headers contain the TTL (Time to Live) field, which is crucial for OS fingerprinting during reconnaissance.
```shell
ping -c 4 8.8.8.8 | grep ttl
```

Observing the TTL value helps infer the target operating system, as Windows and Linux initialize TTL differently.
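The TTL inference above, worked through as an added example (not part of the original page): it rounds an observed TTL up to the nearest common initial value and derives the hop count and a likely OS family. The initial values 64, 128 and 255 are assumed common defaults, the function names are hypothetical, and the sample ping lines are constructed.

```shell
#!/bin/sh
# Added example: estimate initial TTL, hop distance and OS family from ping output.
# Assumed common defaults: 64 (Linux/Unix-like), 128 (Windows), 255 (many network devices).
# Defaults are configurable per host, so treat the result as a hint, not proof.

# Extract the first ttl= value (either case) from ping output on stdin.
extract_ttl() {
    sed -n 's/.*[Tt][Tt][Ll]=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Round an observed TTL up to the nearest assumed initial value.
initial_ttl() {
    if [ "$1" -le 64 ]; then echo 64
    elif [ "$1" -le 128 ]; then echo 128
    else echo 255
    fi
}

# Map the inferred initial TTL to a likely OS family.
guess_os() {
    case "$(initial_ttl "$1")" in
        64)  echo "Linux/Unix-like" ;;
        128) echo "Windows" ;;
        255) echo "network device or other" ;;
    esac
}

# Each router decrements TTL by one, so hops = initial TTL - observed TTL.
hop_count() {
    echo $(( $(initial_ttl "$1") - $1 ))
}

# Constructed sample lines in Linux and Windows ping formats (documentation addresses).
SAMPLE_LINUX='64 bytes from 192.0.2.10: icmp_seq=1 ttl=57 time=11.2 ms'
SAMPLE_WINDOWS='Reply from 192.0.2.20: bytes=32 time=4ms TTL=126'

# Summarise one ping reply line; fails if the line carries no TTL.
report() {
    observed=$(printf '%s\n' "$1" | extract_ttl)
    [ -n "$observed" ] || { echo "no TTL found"; return 1; }
    echo "observed=$observed initial=$(initial_ttl "$observed") hops=$(hop_count "$observed") os=$(guess_os "$observed")"
}

report "$SAMPLE_LINUX"
report "$SAMPLE_WINDOWS"
```

The same arithmetic is useful defensively: a sudden change in the inferred initial TTL or hop count for a known host can indicate a path change or a different device answering for that address.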
The Transport layer (TCP/UDP) ensures data delivery and multiplexing via ports. The Application layer hosts the actual protocols (HTTP, DNS) that users interact with.
⚠️ Never trust Application layer data without validation. TCP only guarantees delivery, not the safety or integrity of the payload.
| TCP/IP Layer | OSI Equivalent | Core Protocol |
|---|---|---|
| Link | L1/L2 | Ethernet/ARP |
| Internet | L3 | IPv4/IPv6 |
| Transport | L4 | TCP/UDP |