What is the OSI model?

The Open Systems Interconnection (OSI) model is a conceptual model created by the International Organization for Standardization (ISO) which enables diverse communication systems to communicate using standard protocols. In plain English, the OSI model provides a standard that lets different computer systems communicate with each other.

The OSI model can be seen as a universal language for computer networking. It's based on the concept of splitting up a communication system into seven abstract layers, each one stacked upon the last.

Simply put, this model helps you figure out at which level a problem resides, which makes it very useful for troubleshooting network problems. Whether it's one person who can't get their laptop on the Internet, or a web site being down for thousands of users, the OSI model can help to break down the problem and isolate the source of the trouble. If the problem can be narrowed down to one specific layer of the model, a lot of unnecessary work can be avoided.

Encapsulation is the preparation and passing of data from an upper layer to the layer below it, going from the application layer all the way down to the physical layer. Decapsulation is the reverse of encapsulation: the data is decoded while going upwards from the physical layer to the application layer.

- L7-L5 are called upper layers or host layers. They usually work with an application and not with the hardware itself.
- L4 is mostly software-controlled.
- L3-L1 are called lower layers or media layers. They usually work with the hardware.

When a data unit travels down from L7 to L1 (encapsulation), each layer wraps it in a header placed in front of the unit. By the time it reaches L1 it looks like this:

[Bits] - L1
[Frame header] - L2
[Network header] - L3
[Transport header] - L4
[Data] - L7-L5

The reverse happens when data units go from L1 to L7: the layers strip the headers.
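The header wrapping and stripping described above, as an added Python example (not part of the original page). It wraps application data in real TCP, IPv4 and Ethernet II header layouts and then strips them again, rejecting frames whose lengths or checksums do not hold; the MAC addresses, IP addresses, ports and payload are constructed sample values.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    # TCP's checksum also covers the IP addresses, protocol number and length.
    return src + dst + struct.pack("!BBH", 0, 6, tcp_len)

def encapsulate(data, src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack, flags):
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # L4: 20-byte TCP header (data offset 5 words, no options) in front of the data.
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    csum = checksum(pseudo_header(src, dst, len(tcp) + len(data)) + tcp + data)
    segment = tcp[:16] + struct.pack("!H", csum) + tcp[18:] + data
    # L3: 20-byte IPv4 header (version 4, IHL 5, TTL 64, protocol 6 = TCP).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000, 64, 6, 0, src, dst)
    packet = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + segment
    # L2: 14-byte Ethernet II header (EtherType 0x0800 = IPv4).
    # L1 would then serialise the resulting frame into bits on the medium.
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet

def decapsulate(frame: bytes) -> dict:
    """Strip the L2, L3 and L4 headers in turn, rejecting anything malformed."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[0] >> 4 != 4 or ihl < 20 or not ihl + 20 <= total_len <= len(packet):
        raise ValueError("inconsistent IPv4 header lengths")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != 6:
        raise ValueError("payload is not TCP")
    segment = packet[ihl:total_len]
    if checksum(pseudo_header(packet[12:16], packet[16:20], len(segment)) + segment) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_off = (off_flags >> 12) * 4
    if not 20 <= data_off <= len(segment):
        raise ValueError("bad TCP data offset")
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x1FF, "data": segment[data_off:],
    }

# Constructed sample values (not from the page); flags 0x18 = PSH + ACK.
SAMPLE = dict(data=b"EHLO client.example\r\n", src_mac=bytes.fromhex("020000000001"),
              dst_mac=bytes.fromhex("020000000002"), src_ip="192.168.5.11",
              dst_ip="192.168.5.20", sport=49152, dport=25, seq=1000, ack=2000, flags=0x18)

def demo():
    frame = encapsulate(**SAMPLE)
    return frame, decapsulate(frame)

if __name__ == "__main__":
    frame, fields = demo()
    print(len(frame), "bytes in the frame for", len(SAMPLE["data"]), "bytes of data")
    print(fields)
```

A frame with a single altered header or data byte fails the matching checksum and is rejected before any field is returned.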
In order for human-readable information to be transferred over a network from one device to another, the data must travel down the seven layers of the OSI model on the sending device and then travel up the seven layers on the receiving end.

For example: Mr. Cooper wants to send Ms. Palmer an email. Mr. Cooper composes his message in an email application on his laptop and then hits 'send'. His email application will pass his email message over to the application layer, which will pick a protocol (SMTP) and pass the data along to the presentation layer. The presentation layer will then compress the data and then it will hit the session layer, which will initialize the communication session.

The data will then hit the sender's transport layer where it will be segmented, then those segments will be broken up into packets at the network layer, which will be broken down even further into frames at the data link layer. The data link layer will then deliver those frames to the physical layer, which will convert the data into a bitstream of 1s and 0s and send it through a physical medium, such as a cable.

Once Ms. Palmer's computer receives the bitstream through a physical medium (such as her wifi), the data will flow through the same series of layers on her device, but in the opposite order. First the physical layer will convert the bitstream from 1s and 0s into frames that get passed to the data link layer. The data link layer will then reassemble the frames into packets for the network layer. The network layer will then make segments out of the packets for the transport layer, which will reassemble the segments into one piece of data.

The data will then flow into the receiver's session layer, which will pass the data along to the presentation layer and then end the communication session. The presentation layer will then remove the compression and pass the raw data up to the application layer.
The application layer will then feed the human-readable data along to Ms. Palmer's email software, which will allow her to read Mr. Cooper's email on her laptop screen.

1. Physical Layer: The physical layer is responsible for the transmission and reception of raw unstructured data bits over a physical medium. It defines the electrical and functional characteristics of the physical interface between devices.
2. Data Link Layer: The data link layer handles the reliable transmission of data frames between directly connected nodes over a physical link. It provides error detection and correction, flow control, and handles access to the physical medium. Ethernet, Wi-Fi, and PPP (Point-to-Point Protocol) are examples of data link layer protocols.
3. Network Layer: The network layer enables the routing of data packets across different networks. It deals with logical addressing and determines the best path for data delivery based on network conditions and routing protocols. The IP (Internet Protocol) is a key network layer protocol.
4. Transport Layer: The transport layer ensures the reliable and orderly delivery of data between end systems. It breaks data into smaller segments, manages end-to-end communication, and provides error recovery, flow control, and congestion control. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) operate at this layer.
5. Session Layer: The session layer establishes, manages, and terminates communication sessions between applications. It provides synchronization and dialog control mechanisms to enable seamless communication between devices. This layer also handles session checkpointing and recovery.
6. Presentation Layer: The presentation layer is responsible for data representation, encryption, compression, and formatting. It ensures that data sent by the application layer of one system is understandable by the application layer of another system. This layer deals with data syntax and semantics.
7. Application Layer: The application layer is the closest layer to the end-user and provides services directly to user applications. It includes protocols for various application-level services such as file transfer, email, web browsing, and remote access. Examples of protocols at this layer include HTTP, SMTP, FTP, and DNS.

The key idea behind the OSI model is to separate the complex task of network communication into manageable layers, with each layer focused on specific functions. This modular approach facilitates interoperability, ease of implementation, and troubleshooting in network systems. The OSI model remains a useful reference for understanding network communication and protocols.

Detailed explanation

Layer 7 - The Application Layer

This is the only layer that directly interacts with data from the user. Software applications like web browsers and email clients rely on the application layer to initiate communications. But it should be made clear that client software applications are not part of the application layer; rather, the application layer is responsible for the protocols and data manipulation that the software relies on to present meaningful data to the user. Application layer protocols include HTTP, HTTPS, FTP, SFTP, DNS as well as SMTP (Simple Mail Transfer Protocol is one of the protocols that enables email communications), etc.

Layer 6 - The presentation layer

This layer is primarily responsible for preparing data so that it can be used by the application layer; in other words, layer 6 makes the data presentable for applications to consume. The presentation layer is responsible for translation, encryption and compression of data.
Two communicating devices may be using different encoding methods, so layer 6 is responsible for translating incoming data into a syntax that the application layer of the receiving device can understand.

If the devices are communicating over an encrypted connection, layer 6 is responsible for adding the encryption on the sender's end as well as decoding the encryption on the receiver's end so that it can present the application layer with unencrypted, readable data (usually through SSL/TLS).

Finally, the presentation layer is also responsible for compressing data it receives from the application layer before delivering it to layer 5. This helps improve the speed and efficiency of communication by minimizing the amount of data that will be transferred. Data compression may be of two types: lossy (data integrity isn't guaranteed) or lossless (data integrity is guaranteed).

Layer 5 - The session layer

This is the layer responsible for opening and closing communication between the two devices. The time between when the communication is opened and closed is known as the session. The session layer ensures that the session stays open long enough to transfer all the data being exchanged, and then promptly closes the session in order to avoid wasting resources.

The session layer also synchronizes data transfer with checkpoints. For example, if a 100 megabyte file is being transferred, the session layer could set a checkpoint every 5 megabytes. In the case of a disconnect or a crash after 52 megabytes have been transferred, the session could be resumed from the last checkpoint, meaning only 50 more megabytes of data need to be transferred. Without the checkpoints, the entire transfer would have to begin again from scratch.
Usually, the main tasks of L5 are authentication and authorization, downloading files as data packets, and session management.

L4 - The transport layer

This layer is divided between two protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

- TCP uses connection-oriented transmission. It's slower but provides feedback (HTTP, FTP, etc.).
- UDP uses connectionless transmission. It's faster but doesn't provide feedback, and is used when we don't care about the completeness of the data (video games, music, movies, etc.).

Layer 4 is responsible for end-to-end communication between the two devices. This includes taking data from the session layer and breaking it up into chunks called segments (or datagrams in the case of UDP) before sending it to layer 3. The transport layer on the receiving device is responsible for reassembling the segments into data the session layer can consume.

The transport layer is also responsible for flow control and error control. Flow control determines an optimal speed of transmission to ensure that a sender with a fast connection doesn't overwhelm a receiver with a slow connection. The transport layer performs error control on the receiving end by ensuring that the data received is complete: it checks the checksums of data units and makes use of automatic repeat request if it isn't.

L3 - The network layer

The network layer is responsible for facilitating data transfer between two different networks. If the two devices communicating are on the same network, then the network layer is unnecessary. The network layer breaks up segments from the transport layer into smaller units, called packets, on the sender's device, and reassembles these packets on the receiving device. The network layer also finds the best physical path for the data to reach its destination; this is known as routing.
The main duties of this layer are usually logical addressing (IPv4, IPv6, mask, IP), routing (to whom to send packets), and path determination (Open Shortest Path First, Border Gateway Protocol, Intermediate System to Intermediate System).

L2 - The data link layer

The data link layer is very similar to the network layer, except the data link layer facilitates data transfer between two devices on the SAME network. The data link layer takes packets from the network layer and breaks them into smaller pieces called frames. Like the network layer, the data link layer is also responsible for flow control and error control in intra-network communication (the transport layer only does flow control and error control for inter-network communications).

Duties usually are logical addressing (network layer), physical addressing (data link layer, via the MAC addresses of network interface cards and switches), media access, and controlling how data is placed on and received from the media (media access control, error detection).

L1 - The physical layer

This layer includes the physical equipment involved in the data transfer, such as the cables and switches. This is also the layer where the data gets converted into a bit stream, which is a string of 1s and 0s. The physical layer of both devices must also agree on a signal convention so that the 1s can be distinguished from the 0s on both devices.

Acronyms

These acronyms are useful to remember the OSI model.

- All People Seem To Need Data Processing (L7 - L1).
- Please Do Not Throw Sausage Pizza Away (L1 - L7).

Transport layer ports

| Category | Range | Comments |
| --- | --- | --- |
| Well Known Ports | 0 - 1023 | Used by system processes, e.g. SSH (22), DNS (53), FTP (21), etc. |
| Registered Ports | 1024 - 49151 | For specific services, e.g. PostgreSQL (5432), Redis (6379), etc. |
| Private Ports | 49152 - 65535 | For private purposes, e.g. to run an application |

TCP/IP Model

The TCP/IP model, also known as the Internet Protocol Suite, is the conceptual framework for communication protocols used on the internet and similar networks. It defines how data should be packetized, addressed, transmitted, routed, and received to reach its destination. The model is named after two of its most important protocols: the Transmission Control Protocol (TCP) and the Internet Protocol (IP).

Layers of the TCP/IP Model

The TCP/IP model is organized into four distinct layers, each responsible for specific aspects of data communication:

4. Application Layer

Purpose: The Application Layer is the topmost layer of the TCP/IP model and is closest to the end-user. It provides protocols that allow software applications to communicate with each other across the network.

Functions:
- Facilitates communication between applications on different devices.
- Provides protocols for email (SMTP), file transfer (FTP), web browsing (HTTP/HTTPS), and more.
- Manages application-specific data formats and ensures that data is properly packaged for transmission.

Examples of Protocols: HTTP, HTTPS, FTP, SMTP, DNS, Telnet, SSH.

3. Transport Layer

Purpose: The Transport Layer is responsible for ensuring reliable data transfer between devices. It manages end-to-end communication, error-checking, and flow control.

Functions:
- Provides connection-oriented communication using TCP, ensuring data is delivered reliably and in the correct order.
- Supports connectionless communication using UDP (User Datagram Protocol) for faster, but less reliable, data transmission.
- Handles segmentation and reassembly of data into packets for transmission.
- Manages error detection and recovery, as well as flow control to prevent network congestion.

Examples of Protocols: TCP, UDP.

2. Internet Layer

Purpose: The Internet Layer is responsible for logical addressing, routing, and packet forwarding. It determines the best path for data to travel from the source to the destination.

Functions:
- Assigns IP addresses to devices on the network, ensuring that data is sent to the correct destination.
- Routes data packets across multiple networks and devices, using IP addresses to determine the best path.
- Manages packet fragmentation and reassembly, breaking down large data packets into smaller ones for efficient transmission.

Examples of Protocols: IP (Internet Protocol), ICMP (Internet Control Message Protocol), ARP (Address Resolution Protocol), IGMP (Internet Group Management Protocol).

1. Network Access Layer (Link Layer)

Purpose: The Network Access Layer, also known as the Link Layer, is responsible for the physical transmission of data over the network. It deals with the hardware and media used to transmit data, such as cables, switches, and wireless signals.

Functions:
- Encapsulates data into frames for transmission over the physical medium.
- Handles MAC (Media Access Control) addresses to identify devices on the same local network.
- Manages access to the physical network, determining how data is placed onto the network medium.
- Detects and corrects errors that may occur during the physical transmission of data.

Examples of Protocols: Ethernet, Wi-Fi (IEEE 802.11), ARP (Address Resolution Protocol).

Importance of the TCP/IP Model

The TCP/IP model is foundational to the modern internet and has been widely adopted as the standard for networking protocols. It is simpler and more flexible than other networking models, such as the OSI (Open Systems Interconnection) model, which makes it more practical for real-world applications. Understanding the TCP/IP model is essential for anyone working in networking, cybersecurity, or IT infrastructure, as it underpins the protocols and technologies that keep the internet and other networks running smoothly.

OSI VS TCP/IP

TCP/IP stands for Transmission Control Protocol/Internet Protocol. It is specifically designed as a model to offer a highly reliable, end-to-end byte stream over an unreliable internetwork.
| OSI Layer | OSI | TCP/IP Layer | TCP/IP | Protocol Data Unit |
| --- | --- | --- | --- | --- |
| 7 | Application | 4 | Application | Data |
| 6 | Presentation | 4 | Application | Data |
| 5 | Session | 4 | Application | Data |
| 4 | Transport | 3 | Transport | Segments |
| 3 | Network | 2 | Internet | Packets |
| 2 | Data Link | 1 | Network Access | Frames |
| 1 | Physical | 1 | Network Access | Bits |

TCP, UDP, and the Three-Way Handshake

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are two commonly used transport layer protocols in computer networks.

TCP is a connection-oriented protocol that provides reliable, ordered, and error-checked delivery of data packets over an IP network. It guarantees that data sent from one device is received correctly by the destination device. TCP achieves this reliability through mechanisms like acknowledgement, retransmission, and flow control. It breaks data into smaller packets, assigns sequence numbers to them, and ensures they are reassembled correctly at the receiving end. TCP is widely used for applications that require guaranteed delivery, such as web browsing, email, file transfer, and remote login.

UDP, on the other hand, is a connectionless protocol that does not provide the same level of reliability as TCP. It is simpler and more lightweight, making it suitable for applications that can tolerate some data loss or delay. UDP does not establish a connection or guarantee delivery of packets. It simply sends data packets from one device to another without waiting for acknowledgements or retransmissions. UDP is commonly used for real-time applications like streaming media, online gaming, DNS (Domain Name System), and VoIP (Voice over IP).

The three-way handshake is a process used by TCP to establish a connection between two devices. It is a sequence of three steps that takes place before data transmission can begin. Here's how the three-way handshake works:

1. SYN (Synchronize): The initiating device (often referred to as the client) sends a TCP packet with the SYN flag set to the destination device (often referred to as the server). This packet indicates the desire to establish a connection and includes an initial sequence number.
2. SYN-ACK (Synchronize-Acknowledge): Upon receiving the SYN packet, the destination device responds with a TCP packet that has both the SYN and ACK (acknowledge) flags set. This packet acknowledges the receipt of the initial SYN packet and also includes its own initial sequence number.
3. ACK (Acknowledge): Finally, the initiating device acknowledges the SYN-ACK packet by sending an ACK packet back to the destination. This packet confirms the establishment of the connection and typically contains an incremented sequence number.

Once the three-way handshake is complete, the connection is established, and both devices are ready to exchange data. The sequence numbers exchanged during the handshake are used to ensure that data is transmitted and received in the correct order.

In summary, TCP is a reliable, connection-oriented protocol that guarantees delivery of data, while UDP is a simpler, connectionless protocol that does not provide the same level of reliability. The three-way handshake is a process used by TCP to establish a connection between devices, involving the exchange of SYN, SYN-ACK, and ACK packets.

| Protocol | Description |
| --- | --- |
| Domain Name System (DNS) | Resolves internet names to IP addresses. |
| Secure Shell (SSH) | Used to provide remote access to servers and networking devices. |
| Simple Mail Transfer Protocol (SMTP) | Sends email messages and attachments from clients to servers and from servers to other email servers. |
| Post Office Protocol (POP) | Used by email clients to retrieve email and attachments from a remote server. |
| Internet Message Access Protocol (IMAP) | Used by email clients to retrieve email and attachments from a remote server. |
| Dynamic Host Configuration Protocol (DHCP) | Used to automatically configure devices with IP addressing and other necessary information to enable them to communicate over the internet. |
| Hypertext Transfer Protocol (HTTP) | Used by web browsers to request web pages and by web servers to transfer the files that make up web pages of the World Wide Web. |
| File Transfer Protocol (FTP) | Used for interactive file transfer between systems. |

Common Ports and Protocols

Here are some commonly used ports and the protocols associated with them in computer networking:

- FTP (File Transfer Protocol): Port 21 (TCP)
- SSH (Secure Shell): Port 22 (TCP)
- Telnet: Port 23 (TCP)
- SMTP (Simple Mail Transfer Protocol): Port 25 (TCP)
- DNS (Domain Name System): Port 53 (TCP and UDP)
- HTTP (Hypertext Transfer Protocol): Port 80 (TCP)
- HTTPS (Hypertext Transfer Protocol Secure): Port 443 (TCP)
- DHCP (Dynamic Host Configuration Protocol): Port 67 (UDP) and Port 68 (UDP)
- POP3 (Post Office Protocol version 3): Port 110 (TCP)
- IMAP (Internet Message Access Protocol): Port 143 (TCP)
- SNMP (Simple Network Management Protocol): Port 161 (UDP)
- NTP (Network Time Protocol): Port 123 (UDP)
- SMB (Server Message Block): Port 445 (TCP)
- FTPS (FTP over SSL/TLS): Port 990 (TCP)
- TFTP (Trivial File Transfer Protocol): Port 69 (UDP)
- LDAP (Lightweight Directory Access Protocol): Port 389 (TCP and UDP)
- MySQL: Port 3306 (TCP)
- RDP (Remote Desktop Protocol): Port 3389 (TCP)

Please note that some protocols use both TCP and UDP, depending on the specific functionality and requirements. Additionally, these port assignments are not exhaustive, and other applications and services may use different ports as well.

Networks and Hosts

The logical 32-bit IPv4 address is hierarchical and is made up of two parts, the network and the host. In the figure, the network portion is blue, and the host portion is red. Both parts are required in an IPv4 address. Both networks have the subnet mask 255.255.255.0.
The subnet mask is used to identify the network on which the host is connected. As an example, there is a host with an IPv4 address 192.168.5.11 with a subnet mask of 255.255.255.0. The first three octets (192.168.5) identify the network portion of the address, and the last octet (11) identifies the host. This is known as hierarchical addressing because the network portion indicates the network on which each unique host address is located. Routers only need to know how to reach each network, rather than needing to know the location of each individual host.

With IPv4 addressing, multiple logical networks can exist on one physical network if the network portion of the logical network host addresses is different. For example: three hosts on a single, physical local network have the same network portion of their IPv4 address (192.168.18) and three other hosts have different network portions of their IPv4 addresses (192.168.5). The hosts with the same network number in their IPv4 addresses will be able to communicate with each other, but will not be able to communicate with the other hosts without the use of routing. In this example, there is one physical network and two logical IPv4 networks.

Another example of a hierarchical network is the telephone system. With a telephone number, the country code, area code, and exchange represent the network address and the remaining digits represent a local phone number.

IP address fundamentals

Network devices typically have the following three identities:

- Physical address: MAC address.
- Logical address: IP address.
- Hostname: useful for humans to recognize the device.

A workstation has three identities: hostname, IP address and MAC address.

In the case of IPv4 addresses, each host has a unique IP address on the network, and nodes rely on it to exchange information. Data breaks down into pieces, known as packets, which then travel across the network.
Each packet contains a source and destination IP address, much like postal service mail includes a destination and return address on the envelope.

Source and destination IP addresses are much like sender and receiver addresses on envelopes.

Administrators can subdivide networks into smaller, more manageable sections. This process lets them control the flow of network traffic, isolate traffic to increase security and limit traffic to certain areas of the network to improve performance. These network segments are called subnetworks, or subnets. Each subnet has a unique identifier within the larger network ID. When administrators divide a network into parts, such as engineering and finance, the address structure is based on numbers.

IP address classes

IPv4 addresses divide into five classes. The primary difference between the first three classes (Class A, Class B and Class C) is the number of subnets versus the number of hosts per subnet. The following table outlines the details between IP address classes.

| Name | First octet | Number of subnets | Number of hosts | Description |
| --- | --- | --- | --- | --- |
| Class A | 1 to 126 | 126 | Approximately 16.7 million | Many hosts per network. |
| Class B | 128 to 191 | 16,384 | 65,536 | Many hosts per network. |
| Class C | 192 to 223 | Approximately 2.1 million | 254 | Many networks with fewer hosts per network. |
| Class D | 224 to 239 | n/a | n/a | Multicasting. |
| Class E | 240 to 254 | n/a | n/a | Experimental. |

Private IP address ranges

Systems and sites on the public internet consume most of the roughly 4.3 billion available IPv4 addresses. However, private networks can reserve some ranges for internal use. Networks in home offices and businesses likely use one of these ranges. The following table defines private IPv4 address ranges.

| Reserved class | Range | Default subnet mask | Description |
| --- | --- | --- | --- |
| Class A | 10.0.0.0 - 10.255.255.255 | 255.0.0.0 | Larger networks with many hosts. |
| Class B | 172.16.0.0 - 172.31.255.255 | 255.255.0.0 | Medium networks with a moderate number of hosts. |
| Class C | 192.168.0.0 - 192.168.255.255 | 255.255.255.0 | Smaller networks with fewer hosts. |

- Class A: The first octet (first 8 bits) of the IP address represents the network portion, and the remaining 3 octets (24 bits) represent the host portion. Class A networks have network addresses in the range 1.0.0.0 to 126.0.0.0, with a maximum of 16,777,214 host addresses per network.
- Class B: The first two octets (16 bits) represent the network portion, and the remaining two octets (16 bits) represent the host portion. Class B networks have network addresses in the range 128.0.0.0 to 191.255.0.0, with a maximum of 65,534 host addresses per network.
- Class C: The first three octets (24 bits) represent the network portion, and the last octet (8 bits) represents the host portion. Class C networks have network addresses in the range 192.0.0.0 to 223.255.255.0, with a maximum of 254 host addresses per network.
- Class D: These are reserved for multicast addresses, used for one-to-many communications. The address range for Class D is 224.0.0.0 to 239.255.255.255.
- Class E: These are reserved for experimental and future use. The address range for Class E is 240.0.0.0 to 255.255.255.255.

Public IP address ranges

Public IP addresses are ==any IP addresses that are not part of a private IP address range==. There are many public IP address ranges, including:

- 1.0.0.0 – 9.255.255.255
- 11.0.0.0 – 126.255.255.255
- 129.0.0.0 – 169.253.255.255
- 169.255.0.0 – 172.15.255.255
- 172.32.0.0 – 191.0.1.255
- 192.0.3.0 – 192.88.98.255
- 192.88.100.0 – 192.167.255.255
- 192.169.0.0 – 198.17.255.255
- 198.20.0.0 – 223.255.255.255

Public IP addresses are unique identifiers for devices connected to the internet. They are used by all servers and sites on the internet, such as google.com. In contrast, private IP addresses are used inside a network and can be reused on different private networks.
A common default private IP address format is 192.168.
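
The network/host split, the "different network portion means routing" rule and the private ranges from the sections above, as an added Python example (not part of the original page). The function names are this example's own, and every host address other than 192.168.5.11 is constructed.

```python
import ipaddress

# Private ranges as listed in the page's table (10/8, 172.16/12, 192.168/16).
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))  # raises ValueError on bad input

def prefix_length(mask: str) -> int:
    """Number of network bits; rejects masks whose 1-bits are not contiguous."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return 32 - inverted.bit_length()

def split(address: str, mask: str) -> dict:
    """AND the address with the mask for the network, with its inverse for the host."""
    prefix = prefix_length(mask)
    addr, m = to_int(address), to_int(mask)
    return {
        "network": str(ipaddress.IPv4Address(addr & m)),
        "host": addr & ~m & 0xFFFFFFFF,
        "prefix": prefix,
        # Classic count: all host-bit patterns minus network and broadcast addresses.
        "usable_hosts": max(2 ** (32 - prefix) - 2, 0),
    }

def needs_router(a: str, b: str, mask: str) -> bool:
    """Hosts reach each other directly only when their network portions match."""
    prefix_length(mask)  # validate the mask before using it
    m = to_int(mask)
    return (to_int(a) & m) != (to_int(b) & m)

def address_class(address: str) -> str:
    first = to_int(address) >> 24
    if first in (0, 127):
        return "reserved"  # outside the page's Class A range of 1 to 126
    for name, last in (("A", 126), ("B", 191), ("C", 223), ("D", 239)):
        if first <= last:
            return name
    return "E"  # 240 and above, following the prose range on the page

def is_private(address: str) -> bool:
    ip = ipaddress.IPv4Address(address)
    return any(ip in net for net in PRIVATE_RANGES)

def describe(address: str, mask: str) -> dict:
    info = split(address, mask)
    info.update({"class": address_class(address), "private": is_private(address)})
    return info

# Constructed hosts: only 192.168.5.11 and the two network portions come from the page.
HOSTS = ["192.168.18.10", "192.168.18.20", "192.168.5.11", "172.32.0.1"]

if __name__ == "__main__":
    mask = "255.255.255.0"
    for host in HOSTS:
        print(host, describe(host, mask))
    print("18.10 -> 5.11 needs a router:", needs_router(HOSTS[0], HOSTS[2], mask))
```

With the mask widened to 255.255.0.0, the same two hosts share a network portion and no longer need a router, which is why the mask must always be read together with the address.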