The OSI Model
What is the OSI model?
How a single bit travels from one computer to the next is a complex concept. In 1984, the open systems interconnection (OSI) model was published as a framework for network communication. The model breaks down computer network communication into seven layers. All of the layers work together to create a digital message. The message is built as it moves down the protocol stack. However, it is not sent to another network until it reaches the physical layer.
The model helps IT, computer science, and cybersecurity professionals understand how a single bit travels from one computer to the next by breaking the system into these layers.
From physical devices to user interfaces (UI), this model explains the communication role of each layer in overall computer networking. This article will start by introducing the Physical Layer (Layer 1).
Layer 1: the physical layer
The physical layer is where data moves across network interfaces as digital signals. Additionally, this is where the transmitting and receiving of network communication occurs. Starting with the application layer, the message moves down the OSI model and eventually reaches the physical layer for transmission. When the message is received at the physical layer, it then moves up the OSI layers until it reaches the final application layer.
Layer 2: data-link layer
Electrical signals received at (or transmitted from) the physical layer are linked and translated to digital logic in the data-link layer. Computer devices may be networked at the data-link layer, but only as a Local Area Network (LAN). Connecting a LAN to another LAN occurs at Layer 3.
Within Layer 2, the Protocol Data Unit (PDU) known as a frame consists of a header, footer, and data. Understanding how a frame is structured is important for network traffic analysis.
Additionally, within Layer 2, physical addresses are assigned; in networking these are also known as MAC addresses or hardware addresses. MAC addresses are unique to each device on a local network. They are 48 bits in length and are written as hexadecimal characters.
A few protocols that reside in Layer 2 are worth knowing:
- Ethernet: The most common type of LAN, Ethernet is the standard used to connect computing devices, routers, and switches in a wired network.
- IEEE 802.11: “Wi-Fi” or “Wireless LAN.”
- Fiber Distributed Data Interface (FDDI): Network standard for fiber optic LAN connections.
- Link Layer Discovery Protocol (LLDP): A Link Layer protocol used for advertising neighbors, identity, and capabilities on a LAN.
- Address Resolution Protocol (ARP): Converts and links Internet Protocol (IP) addresses to MAC addresses on a LAN.
- Cisco Discovery Protocol (CDP): Similar to LLDP, but Cisco proprietary. The protocol collects neighbor information of directly connected LAN devices.
Additionally, Layer 2 is split into two sublayers:
- Logical Link Control (LLC): Responsible for establishing the logical link between devices on a local network.
- Media Access Control (MAC): Responsible for the procedures used by devices across a network medium.
Layer 3: network layer
When we think of the internet, we are thinking of interconnected networks. Interconnecting networks refers to connecting a Local Area Network (LAN) to neighboring or remote networks. Layer 3 of the OSI model, the network layer, is where internetworking takes place and is where logical addresses are assigned to networked devices. A primary function of this layer is to route network packets from one LAN to another. Routing requires IP addresses and logical mapping of other networks across the internet to properly deliver messages. Another important function of Layer 3 is its ability to fragment and reassemble large communication. When Layer 3 passes a message down to Layer 2 for transmission, message length limits may be encountered in some cases.
Additionally, Layer 3 is the layer where the protocols used to route communication between networks reside. A few common network protocols are:
- Internet Protocol (IP): IPv4 and IPv6 are two versions of IP, and IPv4 is the most common protocol of the Internet.
- Internet Protocol Secure (IPSec): A more secure version of IP which leverages cryptography.
- Routing Information Protocol (RIP): Distance-vector routing protocol that uses hop count as a metric of routing.
- Enhanced Interior Gateway Routing Protocol (EIGRP): Cisco proprietary. A distance-vector protocol used for automating network configurations and routing decisions.
- Internet Control Message Protocol (ICMP): Network protocol used for error reporting of network issues.
- Border Gateway Protocol (BGP): A routing protocol designed to exchange routing information automatically on the internet.
Within Layer 3, the Protocol Data Unit (PDU) is the packet. Packets encapsulate data intended for transmission with header and footer data.
The IPv4 protocol encapsulates data with IPv4 header information necessary for delivery. For example, the 32-bit packet format contains the source address, the destination address, protocol, time-to-live (TTL), etc. in the IPv4 header data.
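To make the Layer 2 frame and Layer 3 packet concrete, the following added example (not part of the original article) strips the Ethernet header from a captured frame and reads the IPv4 header fields named above. The sample frame, its MAC addresses and its documentation-range IP addresses are constructed for illustration, and the function names are this example's own.

```python
import socket
import struct

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)  # 48-bit address as hex pairs

def checksum(header: bytes) -> int:
    """Ones'-complement checksum over 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frame(frame: bytes) -> dict:
    """Strip the Ethernet II header (Layer 2), then read the IPv4 header (Layer 3)."""
    if len(frame) < 14 + 20:
        raise ValueError("too short for Ethernet + IPv4 headers")
    # Captures usually lack the frame footer (FCS); the NIC removes it.
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4 (EtherType {ethertype:#06x})")
    version, ihl = frame[14] >> 4, (frame[14] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(frame) < 14 + ihl:
        raise ValueError("malformed IPv4 header")
    header = frame[14:14 + ihl]
    total_len = struct.unpack("!H", header[2:4])[0]
    return {
        "dst_mac": mac_str(dst), "src_mac": mac_str(src),
        "src_ip": socket.inet_ntoa(header[12:16]),
        "dst_ip": socket.inet_ntoa(header[16:20]),
        "ttl": header[8], "protocol": header[9],
        # Recomputing over a valid header, checksum field included, yields 0.
        "checksum_ok": checksum(header) == 0,
        # Slice by total length so Ethernet padding is not mistaken for data.
        "payload": frame[14 + ihl:14 + total_len],
    }

def build_sample_frame() -> bytes:
    """Constructed sample: documentation IPs, locally administered MACs."""
    payload = b"hello"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                     64, 6, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.20"))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    return eth + ip + payload + b"\x00" * 21  # zero padding to the 60-byte minimum

if __name__ == "__main__":
    print(parse_frame(build_sample_frame()))
```

A header whose checksum does not verify, or whose total length disagrees with the bytes on the wire, is worth flagging during traffic analysis because it indicates corruption or a malformed packet.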
Layer 4: transport layer
The transport layer, Layer 4, acts as the go-between for the abstract layers of the OSI model (Layers 7-5) and the concrete communication layers (Layers 3-1).
Depending on the type of application, the transportation of that application’s communication will need to be handled in a specific way. For example, basic web browsing communication uses Hypertext Transfer Protocol (HTTP). HTTP communicates via a specific connection service type and port. The transport layer is responsible for delivering/receiving the HTTP communication and maintaining the connection throughout the HTTP communication.
The Protocol Data Unit (PDU) at Layer 4 is known as a data segment. Segmentation is the process of dividing raw data into smaller pieces. Once the raw data is packaged from the higher application layers, it is segmented at the transport layer before being passed to the network layer.
The transport layer protocols are divided into two categories depending on their connection service type:
In connection-oriented communication, the protocol establishes a logical connection between two devices prior to beginning communication across a network. Connection-oriented protocols typically maintain the service connection by following a set of rules that initiate, negotiate, manage, and terminate the communication. These transport layer protocols will also retransmit any data for which no acknowledgment is received. The most common connection-oriented protocol is the Transmission Control Protocol (TCP), and its process to manage a connection between two devices is called the Three-Way Handshake. In TCP communication, the communicating devices typically share a client/server relationship where a client initiates communication with a service. The handshake involves sending special TCP messages to synchronize the state of the negotiated connection.
In connectionless communication, the protocol does not establish a connection between client and server. Instead, once a request is made to the server, the server sends all data without initiation, negotiation, or management of connection. Connectionless protocols also do not attempt to correct any interruptions in data transmission. Once the server sends the data, the server is not concerned if the client receives it.
When TCP or the User Datagram Protocol (UDP), a connectionless protocol, is used to establish communication, the communication is assigned a port as the Layer 4 address. A port is a logical assignment given to processes and their respective application protocols on a computing system. A few important facts to memorize about ports are:
- There are 65,535 valid port numbers available to assign to a communication process.
- Ports 0 - 1023 are Well-Known Ports: Assigned to universal TCP/IP application protocols. These protocols are the most common such as HTTPS, SSH, FTP, DNS, and the list goes on. They are registered to these protocols by a global
- Ports 1024 - 49,151 are Registered Ports: Reserved for application protocols that are not specified as universal TCP/IP application protocols.
- Ports 49,152 - 65,535 are Private/Dynamic Ports: These ports may be used for any process without the need to register the port with the global assigning authority.
- When TCP and IP are used together, a Layer 4 port and a Layer 3 IP address are assigned to the connection. This is called a socket. For example, 188.8.131.52:443 is a socket indicating that communication to IP address 184.108.40.206 is to connect to port 443 on the server.
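The three-way handshake and socket addressing described in this section can be checked against captured traffic. The following added example (not part of the original article) replays a constructed list of TCP segments and reports which client/server socket pairs completed the handshake; the `Segment` record, the state labels and the sample addresses are assumptions of this example.

```python
from typing import NamedTuple

SYN, ACK = 0x02, 0x10  # TCP header flag bits

class Segment(NamedTuple):
    src: str    # sender socket, "ip:port"
    dst: str    # receiver socket, "ip:port"
    flags: int
    seq: int
    ack: int

def track_handshakes(segments):
    """Replay segments in order; return {(client, server): observed state}."""
    state, expect = {}, {}
    for s in segments:
        syn, ack = bool(s.flags & SYN), bool(s.flags & ACK)
        if syn and not ack:                        # step 1: client SYN
            key = (s.src, s.dst)
            state[key] = "SYN_SENT"
            expect[key] = (s.seq + 1) % 2**32      # server must ack client ISN + 1
        elif syn and ack:                          # step 2: server SYN-ACK
            key = (s.dst, s.src)
            if state.get(key) == "SYN_SENT" and s.ack == expect[key]:
                state[key] = "SYN_RECEIVED"
                expect[key] = (s.seq + 1) % 2**32  # client must ack server ISN + 1
        elif ack:                                  # step 3: client ACK
            key = (s.src, s.dst)
            if state.get(key) == "SYN_RECEIVED" and s.ack == expect[key]:
                state[key] = "ESTABLISHED"
    return state

# Constructed capture: dynamic client ports, well-known server ports.
SAMPLE = [
    Segment("192.0.2.10:49152", "198.51.100.20:443", SYN, 1000, 0),
    Segment("198.51.100.20:443", "192.0.2.10:49152", SYN | ACK, 5000, 1001),
    Segment("192.0.2.10:49152", "198.51.100.20:443", ACK, 1001, 5001),
    Segment("192.0.2.11:49153", "198.51.100.20:443", SYN, 7000, 0),  # never answered
    Segment("192.0.2.12:49154", "198.51.100.20:22", SYN, 9000, 0),
    Segment("198.51.100.20:22", "192.0.2.12:49154", SYN | ACK, 3000, 9999),  # bad ack
]

if __name__ == "__main__":
    for pair, st in track_handshakes(SAMPLE).items():
        print(pair, st)
```

Only the first pair reaches `ESTABLISHED`; the other two stay at `SYN_SENT` because the reply is missing or acknowledges the wrong sequence number.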
Layer 5: session layer
The session layer starts, manages, and terminates sessions between end-user application processes. Sessions are considered the persistent connection between devices. A session is application-focused; sessions are not concerned with Layers 1-4. Instead, the session layer controls dialog between two networked devices. It is considered to facilitate host-to-host communication. Session dialog may be controlled through synchronization checkpoints and through management of communication modes. There are two modes of communication permitted at Layer 5:
- Half-Duplex: Communication travels in both directions between sender and receiver, but only one device may transmit a message at a time.
- Full-Duplex: Communication travels in both directions between sender and receiver, and messages may be sent simultaneously in either direction.
The session layer resembles a phone conversation. For example, when a person picks up a phone and calls someone else, a session is created. Once the communication on the call is completed, the session is terminated by hanging up the phone. In computing, software applications are making the phone call and establishing a session.
Two common Layer 5 protocols still used today are:
- Remote Procedure Call (RPC)
Layer 6: presentation layer
The presentation layer is primarily responsible for presenting data so that the recipient will understand the data. Data formatting and encoding protocols apply at Layer 6 to ensure data is legible and presented properly in the application receiving it. Data compression is also a function of Layer 6. If necessary, data may be compressed to improve data throughput over network communication.
Some common Layer 6 protocols are ASCII, JPEG, GIF, MPEG, and PNG.
Another main function of the presentation layer is the encryption and decryption of data sent across a network. Most encryption communication protocols straddle multiple layers of the OSI model, but the actual encryption function is Layer 6.
Two of the most common secure communication protocols are:
- Transport Layer Security (TLS)
- Secure Socket Layer (SSL)
Layer 7: application layer
The topmost layer of the OSI model is the application layer. On computer systems, applications display information to the user via the UI.
Note: Software applications running on a computer are NOT considered to reside in the application layer. Instead, they leverage application layer services and protocols that enable network communication.
For example, the user can craft messages and access the network from the application layer. A web browser application allows a user to access a web page. The user may input information and receive information through the web browser. However, the application layer protocol HTTP performs the network communication function. The web browser and HTTP work closely together, and the distinction between the two may be subtle. Yet, HTTP is the web browsing protocol for all web browser applications. In contrast, no single web browser software exclusively utilizes HTTP.
HTTP is one of many common application layer protocols. Below are a few additional protocols to know. It is also good practice to memorize the associated port assigned to the protocols:
| Protocol | Port(s) | Description |
|---|---|---|
| Domain Name System (DNS) | | Translates internet names to their globally registered IP addresses. For example, “google.com” is registered in global DNS as IP address 220.127.116.11. |
| Hypertext Transfer Protocol Secure (HTTPS) | | Sends data to and from web browsers and web servers, but securely with the Secure Socket Layer (SSL) protocol. |
| File Transfer Protocol (FTP) | | Transfers files from a client to a server and vice versa. |
| Secure Shell (SSH) | | Connects to computers remotely and in a secure, encrypted way. |
| Simple Mail Transfer Protocol (SMTP) | | Sends and receives email. |
| Dynamic Host Configuration Protocol (DHCP) | | Automatically assigns IP addresses to devices on a network. |
| Internet Relay Chat (IRC) | | Used in a client/server method. IRC clients communicate through an IRC server. |
| Post Office Protocol 3 (POP3) | 110 (unsecured), 995 (secured) | Used for email where the client receives mail by downloading it locally to a computer from a server mailbox. |
The OSI model breaks down computer network communication into seven layers. All of the layers work together to create a digital message. Understanding the OSI model will help you communicate with other network technologists. Computer networking may seem complex, but, with a bit of study, you can gain this knowledge to become an effective Cybersecurity Analyst.