NE-01: OSI Model Deep Dive | Network Essentials

Learning Objectives

Name and describe all 7 layers of the OSI model
Identify the PDU (Protocol Data Unit) at each layer
Trace a packet through encapsulation and de-encapsulation
Map real protocols to their OSI layer
Explain why layered architecture matters for troubleshooting

Why the OSI Model?

The Open Systems Interconnection (OSI) model is a conceptual framework that standardizes network communication into seven distinct layers. Developed by the ISO in 1984, it gives network engineers a common language for troubleshooting, design, and protocol development.

When a user loads a web page, data travels down through all seven layers on the sender's side, crosses the physical medium, and travels back up through all seven layers on the receiver's side. Each layer adds its own header (encapsulation) on the way down and strips it off (de-encapsulation) on the way up.

Exam Tip:

The mnemonic "Please Do Not Throw Sausage Pizza Away" maps to Physical, Data Link, Network, Transport, Session, Presentation, Application -- from Layer 1 to Layer 7.

The 7 Layers

Layer	Name	PDU	Key Protocols	Devices
7	Application	Data	HTTP, FTP, SMTP, DNS, SSH	Software / Proxy
6	Presentation	Data	SSL/TLS, JPEG, ASCII, MPEG	--
5	Session	Data	NetBIOS, RPC, PPTP	--
4	Transport	Segment / Datagram	TCP, UDP	Load Balancer
3	Network	Packet	IP, ICMP, OSPF, ARP	Router
2	Data Link	Frame	Ethernet, Wi-Fi (802.11), PPP	Switch, Bridge
1	Physical	Bits	Ethernet (physical), USB, DSL	Hub, Repeater, Cable

Layer 1 -- Physical

The physical layer handles raw bit transmission over a physical medium. It defines electrical signals, voltages, pin layouts, cable specifications, and data rates. This is where copper cables, fiber optics, and radio waves live.

Copper (UTP/STP) Cat5e up to 1 Gbps / 100m. Cat6a up to 10 Gbps / 100m. Electrical signals, susceptible to EMI.

Fiber Optic Single-mode: long distance (up to 80km). Multi-mode: short distance (up to 2km). Light pulses, immune to EMI.

Wireless Radio frequency transmission. 2.4 GHz and 5 GHz bands. Subject to interference and attenuation.

Encoding Manchester encoding, NRZ, 4B/5B. How 1s and 0s are represented as electrical or optical signals.

Layer 2 -- Data Link

The data link layer packages bits into frames and handles node-to-node delivery on the same network segment. It provides MAC addressing, error detection (CRC), and flow control. The layer is split into two sublayers: LLC (Logical Link Control) and MAC (Media Access Control).

/* Ethernet Frame Structure */ | Preamble | SFD | Dest MAC | Src MAC | Type/Len | Payload | FCS | | 7 bytes | 1B | 6 bytes | 6 bytes | 2 bytes | 46-1500B | 4B | /* Example MAC Address */ AA:BB:CC:DD:EE:FF OUI (vendor) Device ID /* The switch learns MAC addresses by reading the source MAC of incoming frames and mapping it to the ingress port. */

Switches operate at Layer 2. They build a MAC address table by examining source MACs on incoming frames, then forward frames only to the correct port -- avoiding unnecessary traffic on other ports.

Layer 3 -- Network

The network layer handles logical addressing (IP addresses) and routing. It determines the best path for data to travel across multiple networks. Routers operate at this layer, making forwarding decisions based on destination IP addresses.

/* IPv4 Header (simplified) */ | Version | IHL | TOS | Total Length | | Identification | Flags | Fragment Offset | | TTL | Protocol | Header Checksum | | Source IP Address | | Destination IP Address | /* TTL prevents infinite loops -- decremented at each hop. When TTL reaches 0, the packet is discarded and an ICMP Time Exceeded message is sent back. */

Layer 4 -- Transport

The transport layer provides end-to-end communication between applications. TCP offers reliable, ordered delivery with error correction. UDP offers fast, connectionless delivery without guarantees. Port numbers identify specific applications.

TCP (Reliable) Connection-oriented. Three-way handshake (SYN, SYN-ACK, ACK). Sequence numbers, acknowledgments, retransmission. Used by HTTP, SSH, FTP.

UDP (Fast) Connectionless. No handshake, no delivery guarantee. Lower overhead. Used by DNS, DHCP, VoIP, streaming, gaming.

/* TCP Three-Way Handshake */ Client --- SYN ---> Server // "I want to connect" Client <--- SYN-ACK --- Server // "OK, I acknowledge" Client --- ACK ---> Server // "Connection established"

Layers 5-7 -- Upper Layers

Session Layer (5) manages dialogs between applications. It establishes, maintains, and terminates sessions. Think of a video call -- the session layer keeps the connection alive and handles re-establishment if it drops.

Presentation Layer (6) handles data formatting, encryption, and compression. When your browser receives TLS-encrypted data and decompresses a GZIP response, that is presentation layer work. Character encoding (ASCII, Unicode) also lives here.

Application Layer (7) is the interface between network services and end-user applications. HTTP defines how web browsers request pages. SMTP defines how email is sent. DNS translates domain names to IP addresses. This layer does not include the applications themselves -- it provides the protocols they use.

Encapsulation Walkthrough

When you browse to https://hexworth.com, here is what happens at each layer:

Layer 7 (Application): HTTP GET request created Layer 6 (Presentation): TLS encrypts the payload Layer 5 (Session): TLS session is established/maintained Layer 4 (Transport): TCP segment added (src port 49152, dst port 443) Layer 3 (Network): IP header added (src 192.168.1.50, dst 104.21.32.1) Layer 2 (Data Link): Ethernet frame added (src MAC, dst MAC = gateway) Layer 1 (Physical): Converted to electrical/optical signals on the wire /* Each layer wraps the previous layer's output. The receiver strips headers in reverse order (de-encapsulation). */

OSI vs TCP/IP Model

The TCP/IP model (also called the Internet model) compresses the OSI's seven layers into four. In practice, most real-world protocols map to the TCP/IP model, but the OSI model remains the standard for teaching and troubleshooting.

OSI Layers	TCP/IP Layer	Example
7, 6, 5 -- Application, Presentation, Session	Application	HTTP, DNS, SMTP
4 -- Transport	Transport	TCP, UDP
3 -- Network	Internet	IP, ICMP
2, 1 -- Data Link, Physical	Network Access	Ethernet, Wi-Fi

Troubleshooting with the OSI Model

The OSI model provides a systematic approach to diagnosing network problems. Start at Layer 1 and work up:

Layer 1: Is the cable plugged in? Link light on? Correct cable type? Layer 2: Is the MAC address learned? Are there VLAN mismatches? STP blocking? Layer 3: Is the IP address correct? Can you ping the gateway? Routing issue? Layer 4: Is the port open? Firewall blocking TCP/UDP? Connection refused? Layer 7: Is the service running? DNS resolving? Application misconfigured?

Real-World Approach:

Most technicians use a "bottom-up" approach (start at Layer 1) for hardware problems and a "top-down" approach (start at Layer 7) for application problems. Knowing both strategies makes you effective at any level.

Key Takeaways

The OSI model has 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, Application
Each layer has a specific PDU: Bits, Frames, Packets, Segments, Data
Encapsulation wraps data with headers at each layer going down; de-encapsulation strips them going up
Switches operate at Layer 2 (MAC), Routers at Layer 3 (IP)
The TCP/IP model consolidates OSI into 4 practical layers
Use bottom-up or top-down OSI troubleshooting depending on the symptom