Networking Concepts
Learn about the ISO OSI model and the TCP/IP protocol suite.
The OSI (Open Systems Interconnection) Model
The OSI (Open Systems Interconnection) model is a conceptual model developed by the
International Organization for Standardization (ISO) that describes how communications
should occur in a computer network. In other words, the OSI model defines a framework
for computer network communications. The OSI model is composed of seven layers:
1. Physical Layer
2. Data Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer
The numbering starts with the physical layer being layer 1, while the top layer, the
application layer, is layer 7. To help you remember the layers from bottom to top, you
can use a mnemonic such as “Please Do Not Throw Spinach Pizza Away.” Remembering
the OSI model layers with their layer numbers is important; otherwise, you will struggle
to understand terms such as “layer 3 switch” or “layer 7 firewall.”
Layer 1: Physical Layer
The physical layer, also referred to as layer 1, deals with the physical connection
between devices; this includes the medium, such as a wire, and the definition of the
binary digits 0 and 1. Data transmission can be via an electrical, optical, or wireless
signal. Consequently, we need data cables or antennas, depending on our physical
medium.
In addition to Ethernet cable (shown in the illustration below) and optical fibre cable,
examples of physical layer media include the WiFi radio bands: the 2.4 GHz band, the
5 GHz band, and the 6 GHz band.
Layer 2: Data Link Layer
The physical layer defines a medium to transmit our signal. The data link layer, i.e., layer
2, represents the protocol that enables data transfer between nodes on the same
network segment. Let’s put it in simpler terms. The data link layer describes an
agreement between the different systems on the same network segment on how to
communicate. A network segment refers to a group of networked devices using a shared
medium or channel for information transfer. For example, consider a company office with
ten computers connected to a network switch; that’s a network segment.
Examples of layer 2 include Ethernet, i.e., 802.3, and WiFi, i.e., 802.11. Both use six-byte
addresses called MAC addresses, where MAC stands for Media Access Control. A MAC address
is usually written in hexadecimal with a colon separating each pair of hexadecimal digits
(one byte). The three leftmost bytes, known as the Organizationally Unique Identifier
(OUI), identify the vendor of the network interface.
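As an added example (not part of the original page), the following Python parses a MAC address in the common notations, extracts the vendor OUI, and also decodes the two flag bits carried in the first byte: the I/G bit that marks multicast (and broadcast) addresses, and the U/L bit that marks a locally administered address, for which the OUI does not identify a vendor at all. The OUI lookup table is constructed for the example; a real lookup would use the IEEE registry.

```python
import re

# Constructed OUI table for this example; real lookups use the IEEE OUI registry.
OUI_TABLE = {
    "00:50:56": "VMware, Inc.",
}

MAC_RE = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff; return the 6 raw bytes."""
    hexdigits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not MAC_RE.match(hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(hexdigits)


def describe_mac(mac):
    """Return the canonical form, the OUI and the meaning of the two flag bits in byte 0."""
    raw = normalize_mac(mac)
    first = raw[0]
    oui = ":".join(f"{b:02x}" for b in raw[:3])
    multicast = bool(first & 0x01)            # I/G bit: least significant bit of the first byte
    locally_administered = bool(first & 0x02) # U/L bit: second least significant bit
    return {
        "mac": ":".join(f"{b:02x}" for b in raw),
        "oui": oui,
        "broadcast": raw == b"\xff" * 6,      # all ones: every node on the segment
        "multicast": multicast,
        "locally_administered": locally_administered,
        # a locally administered address (e.g. a randomised WiFi MAC or a container
        # interface) carries no vendor information, so skip the OUI lookup
        "vendor": None if locally_administered else OUI_TABLE.get(oui, "unknown OUI"),
    }
```

Running `describe_mac("02-42-ac-11-00-02")` reports a locally administered unicast address with no vendor, while `describe_mac("00:50:56:C0:00:08")` resolves the OUI to the constructed table entry; note that the OUI is only meaningful when the U/L bit is clear.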
Layer 3: Network Layer
The data link layer focuses on sending data between two nodes on the same network
segment. The network layer, i.e., layer 3, is concerned with sending data between
different networks. In more technical terms, the network layer handles logical addressing
and routing, i.e., finding a path to transfer the network packets between the diverse
networks.
In the data link layer, we gave an example of one company office with ten computers,
where the data link layer is responsible for providing a connection between them. Let’s
say that this company has multiple offices distributed across various cities, countries, or
even continents. The network layer is responsible for connecting the different offices
together.
Examples of the network layer include Internet Protocol (IP), Internet Control Message
Protocol (ICMP), and IPsec, which protects IP packets at this layer. SSL/TLS VPNs are
often grouped here as well because they tunnel layer 3 traffic, although TLS itself runs
above the transport layer.
Layer 4: Transport Layer
Layer 4, the transport layer, enables end-to-end communication between processes running
on different hosts. Your web browser is connected to the TryHackMe web server over the
transport layer, which can support functions such as flow control, segmentation, and error
detection and recovery (for example, TCP retransmits segments that were lost or corrupted).
Examples of layer 4 are Transmission Control Protocol (TCP) and User Datagram Protocol
(UDP).
Layer 5: Session Layer
The session layer is responsible for establishing, maintaining, and synchronising
communication between applications running on different hosts. Establishing a session
means initiating communication between applications and negotiating the necessary
parameters for the session. Data synchronisation ensures that data is transmitted in the
correct order and provides mechanisms for recovery in case of transmission failures.
Examples of the session layer are Network File System (NFS) and Remote Procedure Call
(RPC).
Layer 6: Presentation Layer
The presentation layer ensures the data is delivered in a form the application layer can
understand. Layer 6 handles data encoding, compression, and encryption. An example of
encoding is character encoding, such as ASCII or Unicode.
Various standards are used at the presentation layer. Consider the scenario where we
want to send an image via email. First, we save the image as a JPEG, GIF, or PNG; then,
hidden from the user by the email client, MIME (Multipurpose Internet Mail Extensions) is
used to attach the file to the email. MIME encodes the binary file using 7-bit ASCII
characters (typically with the Base64 transfer encoding) so that it survives mail systems
that only handle text.
Layer 7: Application Layer
The application layer provides network services directly to end-user applications. Your
web browser would use the HTTP protocol to request a file, submit a form, or upload a
file.
The application layer is the top layer, and you might have encountered many of its
protocols as you use different applications. Examples of Layer 7 protocols are HTTP, FTP,
DNS, POP3, SMTP, and IMAP. Don’t worry if you are not familiar with all of them.
Layer Number | Layer Name         | Main Function                                         | Example Protocols and Standards
Layer 7      | Application layer  | Providing services and interfaces to applications     | HTTP, FTP, DNS, POP3, SMTP, IMAP
Layer 6      | Presentation layer | Data encoding, encryption, and compression            | Unicode, MIME, JPEG, PNG, MPEG
Layer 5      | Session layer      | Establishing, maintaining, and synchronising sessions | NFS, RPC
Layer 4      | Transport layer    | End-to-end communication and data segmentation        | UDP, TCP
Layer 3      | Network layer      | Logical addressing and routing between networks       | IP, ICMP, IPSec
Layer 2      | Data link layer    | Framing and data transfer between adjacent nodes      | Ethernet (802.3), WiFi (802.11)
Layer 1      | Physical layer     | Physical data transmission media                      | Electrical, optical, and wireless signals
TCP/IP Model
In our presentation of the ISO OSI model, we went from bottom to top, from layer 1 to
layer 7. In this task, let’s look at things from a different perspective, from top to bottom.
From top to bottom, we have:
Application Layer: The OSI model application, presentation and session layers, i.e., layers
5, 6, and 7, are grouped into the application layer in the TCP/IP model.
Transport Layer: This is layer 4.
Internet Layer: This is layer 3. The OSI model’s network layer is called the Internet
layer in the TCP/IP model.
Link Layer: This is layer 2.
The table below shows how the TCP/IP model layers map to the ISO/OSI model layers.
Layer Number | ISO OSI Model      | TCP/IP Model (RFC 1122)                    | Protocols
7            | Application Layer  | Application Layer (OSI layers 7, 6 and 5)  | HTTP, HTTPS, FTP, POP3, SMTP, IMAP, Telnet, SSH
6            | Presentation Layer | (part of the Application Layer)            |
5            | Session Layer      | (part of the Application Layer)            |
4            | Transport Layer    | Transport Layer                            | TCP, UDP
3            | Network Layer      | Internet Layer                             | IP, ICMP, IPSec
2            | Data Link Layer    | Link Layer (OSI layers 2 and 1)            | Ethernet 802.3, WiFi 802.11
1            | Physical Layer     | (part of the Link Layer)                   |
Many modern networking textbooks show the TCP/IP model as five layers instead of four.
For example, in Computer Networking: A Top-Down Approach 8th Edition, Kurose and
Ross describe the following five-layer Internet protocol stack by including the physical
layer:
Application
Transport
Network
Link
Physical
IP Addresses and Subnets
Private Addresses
As we are explaining IP addresses, it is useful to mention that for most practical
purposes, there are two types of IP addresses:
Public IP addresses
Private IP addresses
RFC 1918 defines the following three ranges of private IP addresses:
10.0.0.0 - 10.255.255.255 (10/8)
172.16.0.0 - 172.31.255.255 (172.16/12)
192.168.0.0 - 192.168.255.255 (192.168/16)
We presented earlier an analogy stating that a public IP address is like your home postal
address. A private IP address is different; the original idea is that it cannot reach or be
reached from the outside world. It is like an isolated city or a compound, where all
houses and apartments are numbered systematically and can easily exchange mail with
each other, but not with the outside world. For a private IP address to access the
Internet, the router must have a public IP address and must support Network Address
Translation (NAT).
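The three RFC 1918 ranges are written in prefix notation (10/8, 172.16/12, 192.168/16), and the check "is this address private?" is a bitwise comparison against the network mask. The following Python, added here as an example and not part of the original page, performs that comparison explicitly rather than relying on a library, and expands each prefix back into the first and last address it covers; the sample addresses are constructed for the example.

```python
# RFC 1918 private ranges as (network address, prefix length)
RFC1918_RANGES = [
    ("10.0.0.0", 8),
    ("172.16.0.0", 12),
    ("192.168.0.0", 16),
]


def ipv4_to_int(addr):
    """Dotted-quad string to a 32-bit integer, rejecting anything that is not four octets of 0-255."""
    octets = addr.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or int(octet) > 255:
            raise ValueError(f"bad octet {octet!r} in {addr!r}")
        value = (value << 8) | int(octet)
    return value


def int_to_ipv4(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(prefix_len):
    """/8 -> 0xFF000000, /12 -> 0xFFF00000, /16 -> 0xFFFF0000."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"invalid prefix length {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def range_bounds(network, prefix_len):
    """First and last address of a prefix, e.g. 172.16/12 -> (172.16.0.0, 172.31.255.255)."""
    mask = prefix_mask(prefix_len)
    base = ipv4_to_int(network) & mask
    return int_to_ipv4(base), int_to_ipv4(base | (~mask & 0xFFFFFFFF))


def in_network(addr, network, prefix_len):
    """An address is inside a prefix when the masked bits of both are identical."""
    mask = prefix_mask(prefix_len)
    return (ipv4_to_int(addr) & mask) == (ipv4_to_int(network) & mask)


def matching_private_range(addr):
    """Return the RFC 1918 prefix that contains addr, or None if it is not private."""
    for network, prefix_len in RFC1918_RANGES:
        if in_network(addr, network, prefix_len):
            return f"{network}/{prefix_len}"
    return None


def is_rfc1918(addr):
    return matching_private_range(addr) is not None
```

The /12 range is the one people get wrong: 172.31.255.255 is private, but 172.32.0.0 is a public address, which the mask comparison makes obvious. Python's standard `ipaddress` module offers `is_private`, but it also flags other reserved ranges (loopback, link-local, and so on), so when the question is specifically "is this RFC 1918 space?" an explicit check like the one above is clearer.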
UDP and TCP
UDP (User Datagram Protocol)
UDP (User Datagram Protocol) allows us to reach a specific process on the target host.
UDP is a simple connectionless protocol that operates at the transport layer, i.e., layer 4.
Being connectionless means that it does not need to establish a connection before sending
data. UDP does not even provide a mechanism to know whether a datagram has been delivered.
An IP address identifies the host; we need a mechanism to identify the sending and
receiving process. This is achieved using port numbers. A port number uses two octets;
consequently, it ranges between 0 and 65535, and since port 0 is reserved, usable ports
range between 1 and 65535. (The number 65535 is 2^16 − 1.)
A real-life example similar to UDP is the standard mail service, with no delivery
confirmation. In other words, there is no guarantee that the UDP packet has been
received successfully, similar to the case of sending a parcel using standard mail with no
confirmation of delivery. In the case of standard mail, it means a cheaper cost than the
mail delivery options with confirmation. In the case of UDP, it means better speed than a
transport protocol that provides “confirmation.”
TCP (Transmission Control Protocol)
TCP (Transmission Control Protocol) is a connection-oriented transport protocol. It uses
various mechanisms to ensure reliable data delivery sent by the different processes on
the networked hosts. Like UDP, it is a layer 4 protocol. Being connection-oriented, it
requires the establishment of a TCP connection before any data can be sent.
In TCP, each data octet has a sequence number; this makes it easy for the receiver to
identify lost or duplicated segments. The receiver, in turn, acknowledges the reception of
data with an acknowledgement number that specifies the next octet it expects to receive,
i.e., one more than the last octet received in order.
A TCP connection is established using what’s called a three-way handshake. Two flags
are used: SYN (Synchronise) and ACK (Acknowledgment). The packets are sent as
follows:
1. SYN Packet: The client initiates the connection by sending a SYN packet to the
server. This packet contains the client’s randomly chosen initial sequence number.
2. SYN-ACK Packet: The server responds to the SYN packet with a SYN-ACK packet,
which adds the initial sequence number randomly chosen by the server.
3. ACK Packet: The three-way handshake is completed as the client sends an ACK
packet to acknowledge the reception of the SYN-ACK packet.
Similar to UDP, TCP identifies the process of initiating or waiting (listening) for a
connection using port numbers. As stated, a valid port number ranges between 1 and
65535 because it uses two octets and port 0 is reserved.
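The sequence and acknowledgement arithmetic described above, and the three-way handshake, are easiest to see with both sides' segments written out. The following Python is an added example and not code from the original page: a toy model of two endpoints that tracks only the next sequence number each side will send (`snd_nxt`) and the next one it expects (`rcv_nxt`). It uses fixed initial sequence numbers and ports so the trace is reproducible (real stacks choose the ISN randomly, as the text says), and it ignores windows, checksums, selective acknowledgement and sequence-number wrap-around in the ordering comparison.

```python
from dataclasses import dataclass

SYN = 0x02        # TCP flag bits as laid out in the header
ACK = 0x10
MOD = 2 ** 32     # sequence and acknowledgement numbers are 32-bit and wrap around


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int          # sequence number of the first octet carried by this segment
    ack: int          # next octet the sender of this segment expects to receive
    flags: int
    payload: bytes = b""

    def describe(self):
        names = [name for name, bit in (("SYN", SYN), ("ACK", ACK)) if self.flags & bit]
        return f"{self.src_port}->{self.dst_port} [{'|'.join(names)}] seq={self.seq} ack={self.ack} len={len(self.payload)}"


@dataclass
class Endpoint:
    port: int
    isn: int                  # initial sequence number; real stacks choose this randomly
    state: str = "CLOSED"
    snd_nxt: int = 0          # next sequence number this side will send
    rcv_nxt: int = 0          # next sequence number this side expects from its peer

    def __post_init__(self):
        self.snd_nxt = self.isn


def three_way_handshake(client, server):
    """Return the three segments exchanged; both endpoints end up ESTABLISHED."""
    # 1. SYN: carries the client's ISN; a SYN consumes one sequence number
    syn = Segment(client.port, server.port, client.snd_nxt, 0, SYN)
    client.snd_nxt = (client.snd_nxt + 1) % MOD
    client.state = "SYN-SENT"

    # 2. SYN-ACK: the server acknowledges the SYN (ack = client ISN + 1) and adds its own ISN
    server.rcv_nxt = (syn.seq + 1) % MOD
    synack = Segment(server.port, client.port, server.snd_nxt, server.rcv_nxt, SYN | ACK)
    server.snd_nxt = (server.snd_nxt + 1) % MOD
    server.state = "SYN-RECEIVED"

    # 3. ACK: the client checks that the server acknowledged exactly the number it expects
    if synack.ack != client.snd_nxt:
        raise ValueError("SYN-ACK acknowledges a sequence number we never sent")  # a real stack sends RST
    client.rcv_nxt = (synack.seq + 1) % MOD
    ack = Segment(client.port, server.port, client.snd_nxt, client.rcv_nxt, ACK)
    client.state = "ESTABLISHED"

    if ack.ack != server.snd_nxt:
        raise ValueError("final ACK does not match the server's sequence number")
    server.state = "ESTABLISHED"
    return [syn, synack, ack]


def send_data(sender, receiver, payload):
    """Build one data segment; every payload octet consumes one sequence number."""
    seg = Segment(sender.port, receiver.port, sender.snd_nxt, sender.rcv_nxt, ACK, payload)
    sender.snd_nxt = (sender.snd_nxt + len(payload)) % MOD
    return seg


def deliver(receiver, seg):
    """Receiver side: accept in-order data, classify anything else, and always ACK rcv_nxt.
    The ACK is cumulative, so a gap produces a repeated (duplicate) ACK that tells the
    sender which octet is missing."""
    if seg.seq == receiver.rcv_nxt:
        receiver.rcv_nxt = (receiver.rcv_nxt + len(seg.payload)) % MOD
        verdict = "in order"
    elif seg.seq < receiver.rcv_nxt:              # wrap-around ignored for brevity
        verdict = "duplicate"
    else:
        verdict = "gap: an earlier segment is missing"
    ack = Segment(receiver.port, seg.src_port, receiver.snd_nxt, receiver.rcv_nxt, ACK)
    return ack, verdict
```

With a client ISN of 1000 and a server ISN of 5000, the handshake reads SYN seq=1000, SYN-ACK seq=5000 ack=1001, ACK seq=1001 ack=5001. If the client then sends 10 octets, the server acknowledges 1011; if the next 5-octet segment is lost and a 7-octet segment with seq=1016 arrives, the server still acknowledges 1011, which is exactly how the sender learns what to retransmit.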
Encapsulation
In networking, encapsulation means that each layer takes the data handed down from the
layer above and wraps it with its own header (and, at the link layer, a trailer) without
looking inside or changing it. Encapsulation is an essential concept as it allows each
layer to focus on its intended function. We have the following four steps:
1. Application data: It all starts when the user inputs the data they want to send into
the application. For example, you write an email or an instant message and hit the
send button. The application formats this data and starts sending it according to
the application protocol used, using the layer below it, the transport layer.
2. Transport protocol segment or datagram: The transport layer, such as TCP or UDP,
adds the proper header information and creates the TCP segment (or UDP
datagram). This segment is sent to the layer below it, the network layer.
3. Network packet: The network layer, i.e. the Internet layer, adds an IP header to the
received TCP segment or UDP datagram. Then, this IP packet is sent to the layer
below it, the data link layer.
4. Data link frame: The link layer, i.e., Ethernet or WiFi, receives the IP packet and adds
the proper header and trailer, creating a frame.
We start with application data. At the transport layer, we add a TCP or UDP header to
create a TCP segment or UDP datagram. Again, at the network layer, we add the proper
IP header to get an IP packet that can be routed over the Internet. Finally, we add the
appropriate header and trailer to get a WiFi or Ethernet frame at the link layer.
The process has to be reversed on the receiving end until the application data is
extracted.
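The four steps above, and their reversal on the receiving end, as an added example in Python that is not part of the original page. It wraps application data in a UDP header, an IPv4 header with a correctly computed header checksum, and an Ethernet header plus CRC-32 trailer, then strips the layers again in reverse order, verifying the trailer and the IP checksum on the way. The addresses and payload are constructed for the example; the UDP checksum is left at zero, which IPv4 permits.

```python
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def internet_checksum(data):
    """RFC 1071: one's complement of the one's complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


# Step 2: the transport layer wraps the application data in an 8-byte UDP header
def udp_datagram(src_port, dst_port, payload):
    # checksum 0 means "not computed"; IPv4 allows that for UDP
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


# Step 3: the network layer prepends a 20-byte IPv4 header and fills in its checksum
def ipv4_packet(src_ip, dst_ip, proto, payload, ttl=64):
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,                 # version 4, IHL 5 (20 bytes, no options)
                         0,                    # DSCP/ECN
                         20 + len(payload),    # total length
                         0,                    # identification
                         0x4000,               # flags: DF set, fragment offset 0
                         ttl, proto,
                         0,                    # checksum placeholder
                         ip_bytes(src_ip), ip_bytes(dst_ip))
    checksum = internet_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


# Step 4: the link layer adds the 14-byte Ethernet header and the 4-byte FCS trailer
def ethernet_frame(src_mac, dst_mac, ethertype, payload):
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload
    fcs = struct.pack("<I", zlib.crc32(body))   # CRC-32, sent least significant byte first
    return body + fcs


def encapsulate(app_data, *, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port):
    """Application data -> UDP datagram -> IP packet -> Ethernet frame."""
    return ethernet_frame(src_mac, dst_mac, ETHERTYPE_IPV4,
                          ipv4_packet(src_ip, dst_ip, IPPROTO_UDP,
                                      udp_datagram(src_port, dst_port, app_data)))


def decapsulate(frame):
    """Receiving side: strip each layer in reverse order, checking the integrity fields."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body):
        raise ValueError("Ethernet FCS mismatch: frame corrupted")
    dst_mac, src_mac = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected EtherType 0x{ethertype:04x}")
    ip = body[14:]
    if ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip[0] & 0x0F) * 4
    if internet_checksum(ip[:ihl]) != 0:      # a valid header sums to 0xFFFF, so its checksum is 0
        raise ValueError("IPv4 header checksum mismatch")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != IPPROTO_UDP:
        raise ValueError(f"unexpected IP protocol {proto}")
    udp = ip[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    return {
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "dst_mac": ":".join(f"{b:02x}" for b in dst_mac),
        "src_ip": ip_str(ip[12:16]), "dst_ip": ip_str(ip[16:20]),
        "src_port": src_port, "dst_port": dst_port,
        "payload": udp[8:udp_len],
    }
```

A 17-byte payload becomes a 63-byte frame (14 + 20 + 8 + 17 + 4), and each layer only inspects its own header: the Ethernet parser never looks past the EtherType, and the IP parser hands the bytes after its header to UDP untouched. Flipping one byte is caught by the FCS; recomputing the FCS over a corrupted IP header is still caught by the IP header checksum, which is the point of having a check at more than one layer.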
The Life Of A Packet
Based on what we have studied so far, we can explain a simplified version of the
packet’s life. Let’s consider the scenario where you search for a room on TryHackMe.
1. On the TryHackMe search page, you enter your search query and hit enter.
2. Your web browser, using HTTPS, prepares an HTTP request and pushes it to the
layer below it, the transport layer.
3. The TCP layer needs to establish a connection via a three-way handshake between
your browser and the TryHackMe web server. After establishing the TCP
connection, it can send the HTTP request containing the search query. Each TCP
segment created is sent to the layer below it, the Internet layer.
4. The IP layer adds the source IP address, i.e., your computer, and the destination IP
address, i.e., the IP address of the TryHackMe web server. For this packet to reach
the router, your laptop delivers it to the layer below it, the link layer.
5. Depending on the protocol, the link layer adds the proper link layer header and
trailer, and the frame is sent to the router.
6. The router removes the link layer header and trailer, inspects the IP destination,
among other fields, and routes the packet to the proper link. Each router repeats
this process until it reaches the router of the target server.
The steps will then be reversed as the packet reaches the router of the destination
network.
Telnet (Teletype Network)
The TELNET (Teletype Network) protocol is a network protocol for remote terminal
connection. In simpler words, telnet, a TELNET client, allows you to connect to and
communicate with a remote system and issue text commands. Although initially it was
used for remote administration, we can use telnet to connect to any server listening on a
TCP port number.