The World of OpenWrt: Raspberry Pi 3B [Router] Moving the Stars and Turning the Dipper (4.5) Scapy 3: IP/TCP: Reading and Writing Code

Scapy, as it happens, has a

Traceroute

In computing, traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. The history of the route is recorded as the round-trip times of the packets received from each successive host (remote node) in the route (path); the sum of the mean times in each hop is a measure of the total time spent to establish the connection. Traceroute proceeds unless all (three) sent packets are lost more than twice, then the connection is lost and the route cannot be evaluated. Ping, on the other hand, only computes the final round-trip times from the destination point.

The command traceroute is available on many modern operating systems. On Unix-like systems such as FreeBSD, macOS, and Linux it is available as a command line tool. Traceroute is also graphically accessible in macOS within the Network Utilities suite. On Microsoft Windows and ReactOS, it is named tracert. Windows NT-based operating systems also provide PathPing, with similar functionality. For Internet Protocol Version 6 (IPv6) the tool sometimes has the name traceroute6 or tracert6.

Implementation

On Unix-like operating systems, traceroute sends, by default, a sequence of User Datagram Protocol (UDP) packets, with destination port numbers ranging from 33434 to 33534; the implementations of traceroute shipped with Linux,[1] FreeBSD,[2] NetBSD,[3] OpenBSD,[4] DragonFly BSD,[5] and macOS include an option to use ICMP Echo Request packets (-I), or any arbitrary protocol (-P) such as UDP, TCP using TCP SYN packets, or ICMP.[6] In Windows, traceroute sends ICMP echo requests instead of UDP packets.[7]

The time-to-live (TTL) value, also known as hop limit, is used in determining the intermediate routers being traversed towards the destination. Traceroute sends packets with TTL values that gradually increase from packet to packet, starting with TTL value of one. Routers decrement TTL values of packets by one when routing and discard packets whose TTL value has reached zero, returning the ICMP error message ICMP Time Exceeded.[6] For the first set of packets, the first router receives the packet, decrements the TTL value and drops the packet because it then has TTL value zero. The router sends an ICMP Time Exceeded message back to the source. The next set of packets are given a TTL value of two, so the first router forwards the packets, but the second router drops them and replies with ICMP Time Exceeded. Proceeding in this way, traceroute uses the returned ICMP Time Exceeded messages to build a list of routers that packets traverse, until the destination is reached and returns an ICMP Echo Reply message.[6]

The timestamp values returned for each router along the path are the delay (latency) values, typically measured in milliseconds for each packet.

The sender expects a reply within a specified number of seconds. If a packet is not acknowledged within the expected interval, an asterisk is displayed. The Internet Protocol does not require packets to take the same route towards a particular destination, thus hosts listed might be hosts that other packets have traversed. If the host at hop #N does not reply, the hop is skipped in the output.

If a network has a firewall and operates both Windows and Unix-like systems, more than one protocol must be enabled inbound through the firewall for traceroute to work and receive replies.

Some traceroute implementations use TCP packets, such as tcptraceroute and layer four traceroute. PathPing is a utility introduced with Windows NT that combines ping and traceroute functionality. MTR is an enhanced version of ICMP traceroute available for Unix-like and Windows systems. The various implementations of traceroute all rely on ICMP Time Exceeded (type 11) packets being sent to the source.

On Linux, tracepath is a utility similar to traceroute, with the primary difference of not requiring superuser privileges.[8]

Cisco's implementation of traceroute also uses a sequence of UDP datagrams, each with incrementing TTL values, to an invalid port number at the remote host; by default, UDP port 33434 is used. An extended version of this command (known as the extended traceroute command) can change the destination port number used by the UDP probe messages.[9]
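The TTL mechanism described above, as an added Python example that uses only the standard library and runs offline (it is not code from the original post or from Scapy). The path, the addresses (documentation ranges), the helper names and the one-port-per-probe numbering are assumptions made for illustration; with UDP probes the target answers with ICMP Port Unreachable (type 3, code 3) rather than an Echo Reply.

```python
import socket
import struct

# Constructed sample path (RFC 5737 documentation addresses); last entry is the target.
PATH = ["192.0.2.1", "198.51.100.7", "203.0.113.9"]
SRC = "192.0.2.100"                      # assumed address of the tracing host

def ip_header(src, dst, ttl, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 because nothing is sent."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def udp_probe(dst, ttl, dport):
    """IP/UDP probe with an empty payload, aimed at a port nobody listens on."""
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return ip_header(SRC, dst, ttl, 17, len(udp)) + udp

def icmp_error(sender, icmp_type, code, offending):
    """ICMP error: type, code, checksum, 4 unused bytes, then the offending
    packet's IP header plus its first 8 payload bytes (here the UDP header)."""
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + offending[:28]
    return ip_header(sender, SRC, 64, 1, len(body)) + body

def network(packet, silent=()):
    """Simulated path: every router decrements TTL and drops the packet at zero."""
    ttl = packet[8]                                   # TTL is byte 8 of the IP header
    for router in PATH[:-1]:
        ttl -= 1
        if ttl == 0:
            if router in silent:
                return None                           # router sends no ICMP at all
            return icmp_error(router, 11, 0, packet)  # Time Exceeded
    return icmp_error(PATH[-1], 3, 3, packet)         # target: Port Unreachable

def parse_reply(reply):
    """Return (sender, icmp_type, quoted UDP destination port) from an ICMP error."""
    ihl = (reply[0] & 0x0F) * 4
    sender = socket.inet_ntoa(reply[12:16])
    icmp_type = reply[ihl]
    quoted = reply[ihl + 8:]                          # embedded original IP header + 8 bytes
    q_ihl = (quoted[0] & 0x0F) * 4
    (dport,) = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])
    return sender, icmp_type, dport

def trace_path(dst, max_ttl=30, base_port=33434, silent=()):
    """Send probes with TTL 1, 2, 3, ... and list who answered each one."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        dport = base_port + ttl - 1                   # one port per probe to match replies
        reply = network(udp_probe(dst, ttl, dport), silent)
        if reply is None:
            hops.append((ttl, "*", None))             # a timeout is shown as an asterisk
            continue
        sender, icmp_type, q_dport = parse_reply(reply)
        if q_dport != dport:
            continue                                  # reply belongs to another probe
        hops.append((ttl, sender, icmp_type))
        if icmp_type == 3:                            # the target itself answered
            break
    return hops

if __name__ == "__main__":
    for hop in trace_path(PATH[-1], silent={"198.51.100.7"}):
        print(hop)
```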

Router addresses can be superimposed upon maps of their physical locations. This example shows a request from New Zealand to an IP in Massachusetts which takes a route that passes through Europe.

 

command which, going by the user manual's explanation of

TCP traceroute

……

Scapy may also use the GeoIP2 module, in combination with matplotlib and cartopy to generate fancy graphics such as below:

[Image: traceroute_worldplot.png]

In this example, we used the traceroute_map() function to print the graphic. This method is a shortcut which uses the world_trace of the TracerouteResult objects. It could have been done differently:

>>> conf.geoip_city = "path/to/GeoLite2-City.mmdb"
>>> a = traceroute(["www.google.co.uk", "www.secdev.org"], verbose=0)
>>> a.world_trace()

or such as above:

>>> conf.geoip_city = "path/to/GeoLite2-City.mmdb"
>>> traceroute_map(["www.google.co.uk", "www.secdev.org"])

To use those functions, it is required to have installed the geoip2 module, its database (direct download) but also the cartopy module.

 

sure enough goes exactly by the book ☺

root@kali:~# python
Python 2.7.15+ (default, Aug 31 2018, 11:56:52) 
[GCC 8.2.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import *
>>> conf.geoip_city = "/root/test/GeoLite2-City_20181030/GeoLite2-City.mmdb"
>>> ans,uans = traceroute(["www.google.co.uk", "www.secdev.org"], verbose=0)

>>> ans.world_trace()

 

 

【After closing the Scapy window】

>>> 
[<matplotlib.collections.LineCollection object at 0x6cf7f4f0>, [<matplotlib.lines.Line2D object at 0x6ced7570>], [<matplotlib.lines.Line2D object at 0x6ced76d0>], [<matplotlib.lines.Line2D object at 0x6ced7670>], [<matplotlib.lines.Line2D object at 0x6ced7950>], [<matplotlib.lines.Line2D object at 0x6ced7bf0>], [<matplotlib.lines.Line2D object at 0x6ced7e90>], [<matplotlib.lines.Line2D object at 0x6ceee170>], [<matplotlib.lines.Line2D object at 0x6ceee430>], <matplotlib.collections.LineCollection object at 0x6ced75b0>, [<matplotlib.lines.Line2D object at 0x6cef7030>], [<matplotlib.lines.Line2D object at 0x6cef7090>], [<matplotlib.lines.Line2D object at 0x6cef7130>], [<matplotlib.lines.Line2D object at 0x6cef73d0>], [<matplotlib.lines.Line2D object at 0x6cef7690>], [<matplotlib.lines.Line2D object at 0x6cef7950>], [<matplotlib.lines.Line2D object at 0x6cef7c10>], [<matplotlib.lines.Line2D object at 0x6cef7ed0>], [<matplotlib.lines.Line2D object at 0x6ce811b0>], [<matplotlib.lines.Line2D object at 0x6ce81470>], [<matplotlib.lines.Line2D object at 0x6ce81730>], [<matplotlib.lines.Line2D object at 0x6ce819f0>], [<matplotlib.lines.Line2D object at 0x6ce81cb0>], [<matplotlib.lines.Line2D object at 0x6ce81f70>], [<matplotlib.lines.Line2D object at 0x6ce8a250>], [<matplotlib.lines.Line2D object at 0x6ce8a510>], [<matplotlib.lines.Line2D object at 0x6ce8a7d0>], [<matplotlib.lines.Line2D object at 0x6ce8aa90>], [<matplotlib.lines.Line2D object at 0x6ce8ad50>], [<matplotlib.lines.Line2D object at 0x6ce93030>], [<matplotlib.lines.Line2D object at 0x6ce932f0>], [<matplotlib.lines.Line2D object at 0x6ce935b0>], [<matplotlib.lines.Line2D object at 0x6ce93870>], [<matplotlib.lines.Line2D object at 0x6ce93b30>], [<matplotlib.lines.Line2D object at 0x6ce93df0>]]
>>>

 

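Yet who would have thought that in the 'notebook' environment there is 'no picture' at all ☻

After much puzzling and several readings of the source code, I found that

ax.remove()

was wiping it away ★

After the fix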

    def world_trace(self):
        """Display traceroute results on a world map."""

        # Check that the geoip2 module can be imported
        # Doc: http://geoip2.readthedocs.io/en/latest/
        try:
            # GeoIP2 modules need to be imported as below
            import geoip2.database
            import geoip2.errors
        except ImportError:

        # ... (the middle of the method is omitted in this excerpt) ...

            ax.add_collection(line_col)
            # Create map points
            lines.extend([ax.plot(*x, marker='.', color=color) for x in trc])

        # Generate legend
        ax.legend()

        # Call show() if matplotlib is not inlined
        if not MATPLOTLIB_INLINED:
            plt.show()
            # ※ Fix: ax.remove() now runs only in the non-inlined case
            ###
            ax.remove()

        # Clean
        # ax.remove()   (the original unconditional call, commented out by the fix)
        ###

        # Return the drawn lines
        return lines

 

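the figure does indeed show up afterwards ☆

The World of OpenWrt: Raspberry Pi 3B [Router] Moving the Stars and Turning the Dipper (4.5) Scapy 3: IP/TCP: Send, Capture, Receive

If we say that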

tcpdump

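tcpdump is a packet-sniffing tool that runs on the command line. It lets the user intercept and display TCP/IP and other packets that are sent or received over a network to which the computer is attached. tcpdump is free software released under the BSD license.[2]

tcpdump works on most Unix-like operating systems, including Linux, Solaris, BSD, Mac OS X, HP-UX, AIX and so on. On these systems tcpdump needs the libpcap library to capture data. Its Windows version is called WinDump; it requires the WinPcap driver, which is the counterpart of libpcap on the Linux platform.

with the single word 'capture'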

pcap

In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.

Monitoring software may use libpcap and/or WinPcap to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to get a list of network interfaces for possible use with libpcap or WinPcap.

The pcap API is written in C, so other languages such as Java, .NET languages, and scripting languages generally use a wrapper; no such wrappers are provided by libpcap or WinPcap itself. C++ programs may link directly to the C API or use an object-oriented wrapper.

Features

libpcap and WinPcap provide the packet-capture and filtering engines of many open source and commercial network tools, including protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic-generators and network-testers.

libpcap and WinPcap also support saving captured packets to a file, and reading files containing saved packets; applications can be written, using libpcap or WinPcap, to be able to capture network traffic and analyze it, or to read a saved capture and analyze it, using the same analysis code. A capture file saved in the format that libpcap and WinPcap use can be read by applications that understand that format, such as tcpdump, Wireshark, CA NetMaster, or Microsoft Network Monitor 3.x.

The MIME type for the file format created and read by libpcap and WinPcap is application/vnd.tcpdump.pcap. The typical file extension is .pcap, although .cap and .dmp are also in common use.[4]

History

libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.[5] It is now developed by the same tcpdump.org group that develops tcpdump.[6]

 

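opened up the world!

then does Scapy, by adding the two mantra words 'send' and 'receive', go on to cultivate the 'great bandit'?

The World of OpenWrt: Raspberry Pi 3B [Router] Moving the Stars and Turning the Dipper (4.5) Scapy 3: IP/TCP: C

Readers presumably already know that the 'network packet':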

Network packet

A network packet is a formatted unit of data carried by a packet-switched network. A packet consists of control information and user data,[1] which is also known as the payload. Control information provides data for delivering the payload, for example: source and destination network addresses, error detection codes, and sequencing information. Typically, control information is found in packet headers and trailers.

In packet switching, the bandwidth of the communication medium is shared between multiple communication sessions, in contrast to circuit switching, in which circuits are preallocated for the duration of one session and data is typically transmitted as a continuous bit stream.

Terminology

In the seven-layer OSI model of computer networking, packet strictly refers to a protocol data unit at layer 3, the network layer. The correct term for a data unit at layer 2, the data link layer, is a frame, and at Layer 4, the transport layer, the correct term is segment or datagram. For TCP/IP communication over Ethernet, a TCP segment is carried in one or more IP packets, which are each carried in one or more Ethernet frames.

Architecture

The basis of the packet concept is the postal letter: the header is like the envelope, the payload is the entire content inside the envelope, and the footer would be your signature at the bottom.[2]

Network design can achieve two major results by using packets: error detection and multiple host addressing.[citation needed]

Framing

Different communications protocols use different conventions for distinguishing between the elements of a packet and for formatting the user data. For example, in Point-to-Point Protocol, the packet is formatted in 8-bit bytes, and special characters are used to delimit the different elements. Other protocols like Ethernet, establish the start of the header and data elements by their location relative to the start of the packet. Some protocols format the information at a bit level instead of a byte level.

Contents

A packet may contain any of the following components:

Addresses
The routing of network packets requires two network addresses, the source address of the sending host, and the destination address of the receiving host.
Error detection and correction
Error detection and correction is performed at various layers in the protocol stack. Network packets may contain a checksum, parity bits or cyclic redundancy checks to detect errors that occur during transmission.
At the transmitter, the calculation is performed before the packet is sent. When received at the destination, the checksum is recalculated, and compared with the one in the packet. If discrepancies are found, the packet may be corrected or discarded. Any packet loss due to these discards is dealt with by the network protocol.
In some cases modifications of the network packet may be necessary while routing, in which cases checksums are recalculated.
Hop counts
Under fault conditions packets can end up traversing a closed circuit. If nothing was done, eventually the number of packets circulating would build up until the network was congested to the point of failure. A time to live is a field that is decreased by one each time a packet goes through a network node. If the field reaches zero, routing has failed, and the packet is discarded.
Ethernet packets have no time-to-live field and so are subject to broadcast radiation in the presence of a switch loop.
Length
There may be a field to identify the overall packet length. However, in some types of networks, the length is implied by the duration of transmission.
Priority
Some networks implement quality of service which can prioritize some types of packets above others. This field indicates which packet queue should be used; a high priority queue is emptied more quickly than lower priority queues at points in the network where congestion is occurring.
Payload
In general, payload is the data that is carried on behalf of an application. It is usually of variable length, up to a maximum that is set by the network protocol and sometimes the equipment on the route. When necessary, some networks can break a larger packet into smaller packets.

Example: IP packets

IP packets are composed of a header and payload. The header consists of fixed and optional fields. Then the data that packet carries is added. An IP packet has no trailer. However, an IP packet is often carried as the payload inside an Ethernet frame, which has its own header and trailer.

Many networks do not provide guarantees of delivery, non-duplication of packets, or in-order delivery of packets, e.g., the UDP protocol of the Internet. However, it is possible to layer a transport protocol on top of the packet service that can provide such protection; TCP and UDP are the best examples of layer 4, the Transport Layer, of the seven layered OSI model.

 

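is precisely Scapy's core 'object'.

Hence it comes with a complete set of built-in commands for crafting and displaying 'packets' ☆

which one would do well to have at one's 'fingertips' ◎

The World of OpenWrt: Raspberry Pi 3B [Router] Moving the Stars and Turning the Dipper (4.5) Scapy 3: IP/TCP: B

To give readers a first view of Scapy as a whole, and to keep them from getting lost in the user manual's forest of specifications and ocean of commands, let us take the Domain Name System (DNS) as an example: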

Domain Name System

The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System has been an essential component of the functionality of the Internet since 1985.

The Domain Name System delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over sub-domains of their allocated name space to other name servers. This mechanism provides distributed and fault-tolerant service and was designed to avoid a single large central database.

The Domain Name System also specifies the technical functionality of the database service that is at its core. It defines the DNS protocol, a detailed specification of the data structures and data communication exchanges used in the DNS, as part of the Internet Protocol Suite.

The Internet maintains two principal namespaces, the domain name hierarchy[1] and the Internet Protocol (IP) address spaces.[2] The Domain Name System maintains the domain name hierarchy and provides translation services between it and the address spaces. Internet name servers and a communication protocol implement the Domain Name System.[3] A DNS name server is a server that stores the DNS records for a domain; a DNS name server responds with answers to queries against its database.

The most common types of records stored in the DNS database are for Start of Authority (SOA), IP addresses (A and AAAA), SMTP mail exchangers (MX), name servers (NS), pointers for reverse DNS lookups (PTR), and domain name aliases (CNAME). Although not intended to be a general purpose database, DNS has been expanded over time to store records for other types of data for either automatic lookups, such as DNSSEC records, or for human queries such as responsible person (RP) records. As a general purpose database, the DNS has also been used in combating unsolicited email (spam) by storing a real-time blackhole list (RBL). The DNS database is traditionally stored in a structured text file, the zone file, but other database systems are common.

The hierarchical Domain Name System for class Internet, organized into zones, each served by a name server

……

DNS message format

The DNS protocol uses two types of DNS messages, queries and replies, and they both have the same format. Each message consists of a header and four sections: question, answer, authority, and an additional space. A header field (flags) controls the content of these four sections.[1]

The header section contains the following fields: Identification, Flags, Number of questions, Number of answers, Number of authority resource records (RRs), and Number of additional RRs. The identification field can be used to match responses with queries. The flag field consists of several sub-fields. The first is a single bit which indicates if the message is a query (0) or a reply (1). The second sub-field consists of four bits indicating the type of query, or the type of query this message is a response to. 0 is a standard query, 1 an inverse query, 2 is a server status request. A single-bit sub-field indicates if the DNS server is authoritative for the queried hostname. Another single-bit sub-field indicates if the client wants to send a recursive query (“RD”). The next single-bit sub-field indicates if the replying DNS server supports recursion (“RA”), as not all DNS servers are configured to do this task. Another sub-field indicates if the message was truncated for some reason (“TC”), and a four-bit sub-field is used for error codes. The question section contains the domain name and type of record (A, AAAA, MX, TXT, etc.) being resolved. The domain name is broken into discrete labels which are concatenated; each label is prefixed by the length of that label. The answer section has the resource records of the queried name. A domain name may occur in multiple records if it has multiple IP addresses associated.[24]

DNS Protocol transport

DNS primarily uses the User Datagram Protocol (UDP) on port number 53 to serve requests.[3] DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. When the length of the answer exceeds 512 bytes and both client and server support EDNS, larger UDP packets are used. Otherwise, the query is sent again using the Transmission Control Protocol (TCP). TCP is also used for tasks such as zone transfers. Some resolver implementations use TCP for all queries.

………
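The header and question layout described above, as an added Python example using only the standard library (not code from the original post or from Scapy). The function names, the identifier 0x1234 and the three sample messages are constructed for illustration; the last function shows the check that the identification field makes possible, matching a reply to its query.

```python
import struct

QTYPES = {"A": 1, "MX": 15, "TXT": 16, "AAAA": 28}

def encode_name(name):
    """Split a domain name into labels, each prefixed by its length byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"                      # zero-length root label ends the name

def build_message(name, qtype="A", ident=0x1234, flags=0x0100):
    """12-byte header plus one question; flags 0x0100 is a query with RD set."""
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)

def parse_header(msg):
    """Unpack identification, the flag sub-fields and the four section counts."""
    if len(msg) < 12:
        raise ValueError("a DNS header is 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,          # 0 = query, 1 = reply
        "opcode": (flags >> 11) & 0xF,    # 0 standard, 1 inverse, 2 server status
        "aa": (flags >> 10) & 1,          # authoritative answer
        "tc": (flags >> 9) & 1,           # truncated
        "rd": (flags >> 8) & 1,           # recursion desired
        "ra": (flags >> 7) & 1,           # recursion available
        "rcode": flags & 0xF,             # error code
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def parse_question(msg, offset=12):
    """Return (name, qtype, qclass) of the first question, with bounds checks."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past the end of the message")
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compression pointers are not handled in this example")
        if offset + length > len(msg):
            raise ValueError("label runs past the end of the message")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if offset + 4 > len(msg):
        raise ValueError("question is missing type and class")
    qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
    return ".".join(labels), qtype, qclass

def is_reply_to(query, reply):
    """A reply is accepted only if QR is set and id and question match the query."""
    q, r = parse_header(query), parse_header(reply)
    return (r["qr"] == 1 and r["id"] == q["id"]
            and parse_question(reply) == parse_question(query))

# Constructed samples: a query, a matching reply header (QR, RD and RA set,
# empty answer section) and a reply carrying a different identification value.
QUERY = build_message("scapy.net", "AAAA")
REPLY = build_message("scapy.net", "AAAA", flags=0x8180)
MISMATCHED = build_message("scapy.net", "AAAA", ident=0x9999, flags=0x8180)
```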

 

and take a look at how nslookup's

NSLOOKUP(1)                          BIND9                         NSLOOKUP(1)

NAME
       nslookup - query Internet name servers interactively

SYNOPSIS
       nslookup [-option] [name | -] [server]

DESCRIPTION
       Nslookup is a program to query Internet domain name servers.  Nslookup
       has two modes: interactive and non-interactive. Interactive mode allows
       the user to query name servers for information about various hosts and
       domains or to print a list of hosts in a domain. Non-interactive mode
       is used to print just the name and requested information for a host or
       domain.

ARGUMENTS
       Interactive mode is entered in the following cases:

        1. when no arguments are given (the default name server will be used)

        2. when the first argument is a hyphen (-) and the second argument is
           the host name or Internet address of a name server.
...

 

root@kali:~# nslookup scapy.net
Server:		5.168.168.1
Address:	5.168.168.1#53

Non-authoritative answer:
Name:	scapy.net
Address: 104.25.115.13
Name:	scapy.net
Address: 104.25.114.13
Name:	scapy.net
Address: 2606:4700:20::6819:720d
Name:	scapy.net
Address: 2606:4700:20::6819:730d

 

basic functionality is implemented ☆

The World of OpenWrt: Raspberry Pi 3B [Router] Moving the Stars and Turning the Dipper (4.5) Scapy 3: IP/TCP: A

[Image: bronze-script character 回]

[Image: bronze-script character 串]

[Image: Screenshot_Recursion_via_vlc]

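What does the stack of the TCP/IP specification look like? Seen from above it is the character 『』; sketched from the side it is the character 『』. Whatever it looks like, and whether or not it has a shape at all, it is the master of the network and also the great road that leads to the Internet. Chapter 25 of the Laozi says:
There is a thing formed in confusion, heaven and earth; it stands alone and does not change, it moves in cycles and is not exhausted, and it can be of heaven and earth. I do not know its name; styling it, I call it: . Great is called, passing on is called, far is called

Sentences that still read sensibly as palindromes are said by some to come from the Dao De Jing, and are therefore called 'Dao origins' (道原):
Chapter 20: The common people are bright and clear, I alone am dim; the common people are sharp and discerning, I alone am dull.
Chapter 63: Act without acting, manage without managing, taste the tasteless.
Chapter 81: Truthful words are not beautiful; beautiful words are not truthful.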

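The Plate Poem by Su Boyu's wife

Su Boyu's wife

"It can clear the heart" (可以清心也)

So is there a 'way of reading' these Dao origins, which look like strings of palindromic characters? Some people can not only read them but also write them. The story goes that Su Boyu went to Shu and for a long time did not return; his wife, living alone in Chang'an, put all her ingenuity into making a plate of longing, hoping to find out whether there was still a place for her in her husband's heart.

Han dynasty: Su Boyu's Plate Poem
The mountain trees are tall, the birds cry in sorrow. The spring water is deep, the carp are fat.
The sparrow in the empty granary is always bitterly hungry. The official's wife seldom meets her husband.
I go out of the gate to look and see a man in white. I think it must be him, and yet it is not.
I come back in through the gate, sorrow in my heart. Northward I go up to the hall, westward I enter by the steps.
The loom is wound tight, the shuttle's sound presses on. I heave a long sigh; to whom shall I speak?
You, my lord, are on a journey, and I think of you. There was a day of leaving, but there is no date of return.
I knot my sash in lasting longing. If you forget me, Heaven will know it.
If I forget you, the offence should be punished. How I conduct myself, you ought to know.
What is yellow is gold, what is white is jade. What is high is the mountain, what is low is the valley.
His surname is Su, his courtesy name Boyu, a man of much talent and ample resourcefulness.
His home is in Chang'an but he himself is in Shu; why spare the horse's hooves and return so seldom?
A thousand catties of mutton, a hundred hu of wine; wheat and millet to fatten your horse.
People today lack the wit; given this letter they cannot read it.
One should start from the centre and circle round to the four corners.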

 

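The author does not know whether Su Boyu returned or not. A single cup of "it can clear the heart" can already 'turn a thousand times'; whoever works it out can surely while away the endless days of midsummer!!

Speaking of this specification stack, taken apart it can perhaps be pictured as follows:

TCP-IP-STACK

In the figure above the colours are clearly distinguished; left and right each tell what the programs in the middle are doing.

After careful reading and thought, what is the benefit of doing things this way, with 'one wrapped inside another'? In fact, with respect to any one layer in the layer-to-layer correspondence, this is a translation structure relating 'upper, middle and lower': the layer above supplies the purpose in its language, the one 'in the middle' splits and translates it, and the layer below supplies the means of control. As a result, the higher one goes, the more layers wrap the technical details so that they need not be known in depth; people who write Internet application software therefore usually need only know how to use the API of the TCP/IP interface, and seldom use the Ethernet physical-layer interface directly. Of course, the further down one goes the more technical details there are, and these can be very useful when a 'situation' arises that goes beyond what the program expects. Here it is summarised in a table: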

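Signal sending at the remote node ↑↓←→
layer faces layer
upper speaks to lower
row talks to row
↓↑→←
row knows row
lower tells upper
layer answers layer
Message receiving at this node
Remote upper-upper: purpose | Local upper-upper: purpose
Remote upper: purpose language | Local upper: purpose language
Translate the remote upper layer's purpose
and phrase it as the remote lower layer's means
←→
stacked speech, layered words
remote text, local reading
←→
layered words, stacked speech
local words, remote translation
Translate the local upper layer's purpose
and explain it as the local lower layer's means
Remote lower: means text | Local lower: means text
Remote lower-lower: means | Local lower-lower: means

─── from 《Let's Gnaw on a Piece: K TCPIP!! (Part 2)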

 

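There is too much to learn, and too broad a field to know:

TCP/IP protocol suite

The Internet protocol suite (IPS)[1] is a network communication model and an entire family of network transport protocols, forming the basic communication architecture of the Internet. It is commonly called the TCP/IP protocol suite (or TCP/IP protocols), TCP/IP for short,[2] because the family's two core protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol), were the first standards adopted in the family.[3] Because network protocols generally adopt a layered structure, and several layers of protocols working together resemble a stack in computer science, it is also called the TCP/IP protocol stack.[4][5] These protocols originated in the ARPANET project of the United States Department of Defense (DoD), so it is also called the DoD model.[6] The protocol suite is maintained by the Internet Engineering Task Force.

TCP/IP provides a point-to-point connection mechanism and standardises how data should be packaged, addressed, transmitted, routed and received at the destination. It abstracts the software communication process into four abstraction layers and, in the manner of a protocol stack, implements different communication protocols in each. The protocols in the suite are assigned to these four layers according to their function,[7][8] and the model is often regarded as a simplified form of the seven-layer OSI model.

TCP/IP reference model

Two Internet hosts connected through two routers and the corresponding layers. The applications on each host perform read operations with each other over some data channels.

Encapsulation of application data descending through the different layers, as described in RFC 1122

The TCP/IP reference model is an abstract layered model in which all network protocols of the TCP/IP family are classified into four abstract "layers". Each abstract layer is built on the services provided by the layer below it and provides services to the layer above it. Completing particular tasks requires many protocols working together; these protocols are spread across different layers of the reference model, so they are sometimes called a protocol stack. The TCP/IP reference model is tailor-made for the TCP/IP protocol stack. Within it, the IP protocol is concerned only with how to get data across the boundary of the local network, not with how the transmission medium is used or how the data is carried. The TCP/IP protocol stack as a whole is responsible for getting data across many peer links (one peer link is also called a "hop") so that different network members can establish data paths to one another on the basis of many "hops".

For analysing more general network communication problems, the ISO OSI model can also be of more help. The Internet protocol suite is a set of network transport protocols implementing the protocol stack on which the Internet and most commercial networks run. It is sometimes also called the TCP/IP protocol suite, a name that comes from its two most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two protocols to be defined.

Like many other protocols, the network transport protocols can be seen as a combination of layers, each of which solves one set of problems in data transmission and provides well-defined services to the higher layers that use these lower-layer services. Higher layers are logically closer to the user and handle more abstract data; they rely on the lower layers to convert the data into a form that can finally be physically controlled. The network transport protocols can be fitted roughly to the fixed seven-layer OSI model that some vendors like to use. However, these layers do not all correspond well to IP-based networks (depending on the design of the application and the supporting network, they really do involve different layers), and some people think that trying to map the Internet protocol suite onto OSI causes confusion rather than helping.

Layers in the Internet protocol stack

There has been some discussion about how to map the TCP/IP reference model onto the OSI model. Because the TCP/IP and OSI model suites do not correspond exactly, there is not yet a completely correct answer. In addition, the lower layers of the OSI model are not yet capable of truly occupying the position of a real layer; another layer (the internetworking layer) is needed between the transport layer and the network layer. Some protocols specific to particular network types ought to run on the network layer, but instead run on basic hardware frame switching. Examples of such protocols are the Address Resolution Protocol and the Spanning Tree Protocol (used to keep redundant bridges idle until they are really needed). However, they are local protocols and operate beneath the internetworking function. Admittedly, putting the two groups (not to mention that they are only part of the logical network layer running over different internetworking protocols such as ICMP) entirely in the same layer causes confusion, but the OSI model is not complex enough to do a better job. The chart below attempts to show the positions of the various TCP/IP and other protocols in the original OSI model: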

7 Application layer
e.g. HTTP, SMTP, SNMP, FTP, Telnet, SIP, SSH, NFS, RTSP, XMPP, Whois, ENRP
6 Presentation layer
e.g. XDR, ASN.1, SMB, AFP, NCP
5 Session layer
e.g. ASAP, SSH, ISO 8327 / CCITT X.225, RPC, NetBIOS, ASP, IGMP, Winsock, BSD sockets
4 Transport layer
e.g. TCP, UDP, TLS, RTP, SCTP, SPX, ATP, IL
3 Network layer
e.g. IP, ICMP, IPX, BGP, OSPF, RIP, IGRP, EIGRP, ARP, RARP, X.25
2 Data link layer
e.g. Ethernet, Token Ring, HDLC, Frame Relay, ISDN, ATM, IEEE 802.11, FDDI, PPP
1 Physical layer
e.g. wire, radio, optical fibre

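It is generally considered that the top three layers of the OSI model (application, presentation and session) are a single application layer in the TCP/IP suite. Because TCP/IP has a relatively weak session layer, consisting of the opening and closing of connections under TCP and RTP and of the different port numbers provided to the various applications under TCP and UDP, these functions can be added by individual applications (or by the libraries those applications use). Similarly, IP was designed on the idea of treating the network beneath it as a black box, so that when discussing TCP/IP it can be treated as a single independent layer.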

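4 Application layer
e.g. HTTP, FTP, DNS
(Routing protocols such as BGP and RIP, although for various reasons they run over TCP and UDP respectively, can still be regarded as part of the network layer)
3 Transport layer
e.g. TCP, UDP, RTP, SCTP
(Routing protocols such as OSPF, although they run over IP, can also be regarded as part of the network layer)
2 Internet layer
For TCP/IP this is the Internet Protocol (IP)
(Required protocols such as ICMP and IGMP, although they run over IP, can still be regarded as part of the internet layer; ARP does not run over IP)
1 Link layer
e.g. Ethernet, Wi-Fi, MPLS, etc.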

 

The best approach is to

use tools and create an environment ☺

Usage

 

and wander free and easy ◎