Protocols and the OSI Model – CompTIA Security+ SY0-401: 1.4


The OSI model is a useful description of data as is flows out of one computing device, across the network, and into another device. In this video, you’ll learn how the real-world maps to the world of the OSI model.

<< Previous Video: Common Network PortsNext: Wireless Encryption >>


Although the OSI model is a guideline, it is a model. We can take aspects of the real world and fit them into the different layers of the OSI model. So I thought it would be good to take some things that we know about and start filling in the different layers, all the way from Layer 1 up through Layer 7.

If we start at the bottom, the signaling layer, when we think about that, that physical layer is really dealing with connectivity. We’re talking about cables. We’re talking about interfaces. We’re talking about network interface cards, and in some cases even hubs, since we are talking about having or repeating information as it’s passing through. And a hub is nothing more than a multi-port repeater.

The second layer or data link layer is where we would start to see the actual frames being created and put on to the network. So at the most basic level of a frame, we’re talking about MAC addresses, at least in the Ethernet world. You may also see the term Extended Unique Identifier. And this is an IEEE trademark term, an EUI-48 or an EUI-64, which refers to the format, the 48-bit and the 64-bit format, of a physical address.

We also know that switches work at this layer. When they see a MAC address, it then looks up in its table where it should be sending that MAC address. So all the forwarding decisions made by switches happen at this Layer 2, the data link control layer of the OSI model.

The network layer is where we start to see network addresses. And so the OSI model certainly expects IP addresses to be at this layer. Of course, that’s where our routers work as well, since routers make their routing decisions and their forwarding decisions based on these Layer 3 addresses, these network addresses.

And we often refer to this segment of a frame as a packet. So everything at this Layer 3 and above is inside of a packet. And we’re packetizing or sending this information across the network, all of this happening at Layer 3.

Layer 4 of the OSI model is our transport layer. And just as the name implies, these are the protocols that are transporting information from one side of the network to the other. So this is where you would expect to see TCP, our Transmission Control Protocol, and UDP, our User Datagram Protocol. And obviously, these work very differently.

TCP when it sends information expects to get an acknowledgement back. UDP sends information and has no idea if that data got there or not. No acknowledgements are sent back as part of the UDP protocols. But both of these protocols, since they are transporting information, fit nicely at this Layer 4 of the OSI model.

Our session layer is where we might see control protocols being used to set up a session or tear down a session. These are also protocols that might be used to set up tunnels between one station and another. And those are tunneled into the next layer, Layer 6, our presentation layer. If we’re doing any type of encryption, if we’re going to a website and we’re sending encrypted data back and forth or receiving encrypted data that we need to decrypt, all of that process takes place at this Layer 6 and gets it ready to present to us, which is really going to be at Layer 7.

Finally at Layer 7 is where we see the email. We see the decrypted information, the decrypted website or web page that we were asking for. All that happens there. So every time we send information, it starts at Layer 7, works its way all the way down to Layer 1, goes across the network. And at the other end, it performs exactly the same thing all the way back up to Layer 7 again.

If we were to look at this in a protocol decode, it would almost map exactly to what we were just looking at. For instance, this is a screenshot from a Wireshark session where I just grabbed communication to I think it was Google Mail that I was doing. And in this particular case, we can see that we start with a frame. So we’re really talking about this Layer 1, Layer 2 functionality. In fact, there is the MAC addresses, the Layer 2 address of the source device, and the Layer 2 address of what in this case was a Netgear router getting it ready to send out across the internet.

At the Layer 3 internet protocol, you can see my source IP addresses here. And I was indeed talking to Google Mail. And you can see the IP address of Google Mail, so that clears up Layer 3 for us.

Obviously, information is being transported within this Google Mail communication, so we’re using transmission control protocol, the Layer 4 of your OSI model. Here’s your source port. There’s the destination port, 443, which tells me this was web traffic that was encrypted. And then you have sequence numbers, acknowledgement numbers, and linked information.

Now, above this there’s not much that you can look at, because everything at this layer now up at the secure socket layer is all encrypted data. And it’s not uncommon to put Layers 5, 6, and 7 into their own little block and say everything above Layer 4 is the application. It’s setting up the session. It’s encrypting and decrypting data. It’s presenting information to you.

But that’s a very good example of how you can pull the packets right off the network, have a look at how those are presented to you, and map them back to the specific OSI layers. And that’s exactly what happened in this case is that I had an application, which was my Google Mail, which was then encrypted via SSL or TLS. It was sent down and transported via TCP across my network using IP addresses to communicate across those long distances. And just to get that data to my local router, I used MAC addresses at that data link layer to get it the hop along the way.

And of course, at last, that router was putting it on to the wire as electrical signals. Those electrical signals went across the internet, hopped through a number of routers along the way, so indeed it probably hopped up to Layer 3 and 4 along the way. And then finally, once it got to the other side, it was able to be recreated on Google’s server back up to the application layer.

So although we call this an OSI model, there are a lot of real-world connections to the way our applications work. And this is the way we’ll be able to communicate with other network professionals when they’re asking, where’s the problem, where are you seeing an issue, you can speak specifically to, I’m seeing an issue at Layer 3 with being able to communicate to that IP address. Or I’m seeing an issue at Layer 1, because I’m having physical layer connectivity issues. All of these work together to make sure that information can go back and forth. And as you can see, it’s not too hard to map what’s happening in the real world right back to our OSI model.