Introduction to the OSI Model

In the beginning, the development of networks was chaotic. Each vendor had its own proprietary solution. The bad part was that one vendor’s solution was not compatible with another vendor’s solution. This is where the idea for the OSI model was born, having a layered approach to networks our hardware vendors would design hardware for the network, and others could develop software for the application layer. Using an open model which everyone agrees on means we can build networks that are compatible with each other.



To fix this problem the International Organization for Standardization (ISO) researched different network models and the result is the OSI-model which was released in 1984. Nowadays most vendors build networks based on the OSI model and hardware from different vendors is compatible….excellent!

The OSI-model isn’t just a model to make networks compatible; it’s also one of the BEST ways to teach people about networks. Keep this in mind since when you are studying networking you will see people refer a lot to the OSI model.

Here’s what the OSI model looks like:

OSI Model

 All People Seem To Need Data Processing”

 This is the OSI-model which has seven layers; we are working our way from the bottom to the top. Let’s start at the physical layer:

  • Physical Layer: This layer describes stuff like voltage levels, timing, physical data rates, physical connectors and so on. Everything you can “touch” since it’s physical.
  • Data Link: This layer makes sure data is formatted the correct way, takes care of error detection and makes sure data is delivered reliably. This might sound a bit vague, but for now, try to remember this is where “Ethernet” lives. MAC Addresses and Ethernet frames are on the Data Link layer.
  • Network: This layer takes care of connectivity and path selection (routing). This is where IPv4 and IPv6 live. Every network device needs a unique address on the network.
  • Transport: The transport layer takes care of transport. When you downloaded this lesson from the Internet the webpage was sent in segments and transported to your computer.
    • TCP lives here; it’s a protocol which sends data in a reliable way.
    • UDP lives here; it’s a protocol which sends data in an unreliable way.

I’m taking a short break here, these four layers that I just described are important for networking, and the upper three layers are about applications.

  • Session: The session layer takes care of establishing, managing and termination of sessions between two hosts. When you are browsing a website on the internet you are probably not the only user of the webserver hosting that website. This webserver needs to keep track of all the different “sessions”.
  • Presentation: This one will make sure that information is readable for the application layer by formatting and structuring the data. Most computers use the ASCII table for characters. If another computer would use another character like EBCDIC then the presentation layer needs to “reformat” the data so both computers agree on the same characters.
  • Application: Here are your applications. E-mail, browsing the web (HTTP), FTP and many more.

  People Do Need To See Pamela Anderson”

This one normally gives me more smiles when I’m teaching CCNA in class and it’s another way to remember the OSI-Model.

P = Physical
D = Data Link
N = Network
T = Transport
S = Session
P = Presentation
A = Application

Remember that you can’t skip any layers in the OSI-model, it’s impossible to jump from the Application layer directly to the Network layer. You always need to go through all the layers to send data over the network.

Let’s take a look at a real-life example of data transmission:


  1. You are sitting behind your computer and want to download some files of a local webserver. You start up your web browser and type in the URL of your favorite website. Your computer will send a message to the web server requesting a certain web page. You are now using the HTTP protocol which lives on the application layer.
  2. The presentation layer will structure the information of the application in a certain format.
  3. The session layer will make sure to separate all the different sessions.
  4. Depending on the application, you want a reliable (TCP) or unreliable (UDP) protocol to transfer data towards the web server. In this case, it’ll choose TCP since you want to make sure the webpage makes it to your computer. We’ll discuss TCP and UDP later.
  5. Your computer has a unique IP address (for example 192.168.1.1) and it will build an IP packet. This IP packet will contain all the data of the application, presentation and session layer. It also specifies which transport protocol it’s using (TCP in this case) and the source IP address (your computer 192.168.1.1) and the destination (the web server’s IP address).
  6. The IP packet will be put into an Ethernet Frame. The Ethernet frame has a source MAC address (your computer) and the destination MAC address (web server). More about Ethernet and MAC addresses later.
  7. Finally, everything is converted into bits and sent down the cable using electric signals.

Once again, you are unable to “skip” any layers of the OSI model. You always have to work your way through ALL layers. If you want a real-life story converted to networking land just think about the postal service:

  1. First, you write a letter.
  2. You put the letter in an envelope.
  3. You write your name and the name of the receiver on the envelope.
  4. You put the envelope in the mailbox.
  5. The content of the mailbox will go to the central processing office of the postal service.
  6. Your envelope will be delivered to the receiver.
  7. They open the envelope and read its contents.

If you put your letter directly in the mailbox it won’t be delivered. Unless someone at the postal office is friendly enough to deliver it anyway, in network-land it doesn’t work this way! Going from the application layer all the way down to the physical layer is what we call encapsulation. Going from the physical layer and working your way up to the application layer is called de-encapsulation.

Now you know about the OSI-model, the different layers and the function of each layer. During peer-to-peer communication, each layer has ‘packets of information’. We call these protocol data units (PDU). Now every unit has a different name on the different layers:

  • Transport layer: Segments; For example, we talk about TCP segments.
  • Network layer: Packets; For example, we talk about IP packets here.
  • Data link layer: Frames; For example, we talk about Ethernet frames here.

This is just terminology, so don’t mix up talking about IP frames and Ethernet packets…

OSI Model in Action

All this talk about layers is nice and all but what about some action? We can see the different layers of the OSI model in action if we capture our network traffic on our computer.

To do this, we will download Wireshark.

Wireshark is a network capture tool that allows us to capture all packets that we receive/transmit on our computer and we can take a look at them.

Once you have downloaded and installed Wireshark, select the “Options” in the Capture menu:

wireshark capture options

You will now see an overview with all your network cards:

wireshark capture interfaces

In my case, it’s the Ethernet interface that I want to capture. Hit Start and it will capture all packets entering and exiting this interface. It will look like this:

wireshark capture overview

You will see a lot of stuff, don’t worry about what you see here. As you learn more about networking, you will also learn more about the different networking protocols and their packets / frames. We are going to capture one single frame and take a closer look at it. To do this, we will use a filter so that Wireshark only shows this traffic:

wireshark capture filter

In the green bar on the top left, enter the following filter:

http.host=="cisco.com"

Now open your web browser and open http://cisco.com. Once the website has loaded, take a look at Wireshark:

wireshark filter cisco website

A single packet will show up with the request from our browser to fetch the Cisco.com website. At the bottom half of the screen, we can take a look at the contents of this frame. Let me break it down for you:

wireshark layer one

The first piece of information has been added by Wireshark. It tells us that we received an Ethernet frame that is 908 bytes. It also shows the arrival time. Here’s the second part:

Wireshark layer two

Above we see layer two of the OSI model. This is the Ethernet frame and it shows the source and destination MAC addresses. It also tells us the type, in this case, our Ethernet frame contains an IPv4 packet. Let’s check it out:

wireshark layer three

Above we see the IP packet. This is layer three of the OSI model. Don’t worry about all the different fields here, we will cover it later. Two things you can recognize at the top are the source and destination IP addresses. Let’s continue:

Wireshark Layer Four

Above we see layer four of the OSI model. We are using TCP as the transport protocol here (which we will discuss later in detail). Last but not least, the last layer of the OSI model:

Wireshark layer seven

Above you see layer seven, the application layer. Note that you don’t see a separate session and/or presentation layer here. You can see some information about the HTTP protocol here. We used a GET request to fetch cisco.com and the user-agent I used is Mozilla (Firefox).

Want to take a look at this yourself? You can download my capture file:

Wireshark Capture HTTP Cisco.com

Conclusion

You have now learned about the OSI model and its different layers. You have also seen how this applies to the real world with a packet capture in Wireshark. In other lessons, you will see that we use Wireshark quite often to look at different networking protocols and their inner workings.

Forum Replies

  1. Durga,
    The Internet would break :slight_smile:

    Seriously, it would, and here’s why: Let’s say we tried to use MAC addresses as a layer 3 identity for communicating between devices at a distance (not on the same local network). MAC addresses are burned into the network cards by the manufacturer, and each card has a unique MAC (in theory). The problem comes when you are trying to keep track of who is where. The reason that the Internet is able to function now is primary due to a protocol called BGP that figures out the best way to get from one IP address to another.

    Even t

    ... Continue reading in our forum

  2. Hi Sreejith,

    I would say SONET/SDH belongs to layer 1. It specifies the physical layer and you can run different L2 protocols (including Ethernet) on top of it. It’s not like frame-relay which has a clear specification of L1 + L2.

    The main difference is that the physical layer is different between SONET on one end and Ethernet on a LAN on the other side. When you receive something from the SONET side, it goes from the physical layer to the data link layer and you end up with an Ethernet frame. The outgoing interface is selected, the frame goes from the data lin

    ... Continue reading in our forum

  3. When I learned the OSI Model years ago. I’ve always like this saying.

    Please, Don’t, Never, Throw, Sausage, Pizza, Away

  4. Hello Iynkaran

    First of all, the application layer is not where the actual applications on your computer function. These software applications sit on top of the OSI model and are not actually part of it. The application layer is the layer where protocols such as HTTP/HTTPS, FTP, SMTP, IMAP and others function. These protocols are then leveraged by software applications. This is what makes software applications “network aware” if you will.

    From a practical standpoint, the model that is primarily used in today’s networks is the TCP/IP model. This model incor

    ... Continue reading in our forum

  5. Yes. Thank you, Lagapides. It does make it more clear and believe he was speaking about the upper layers from session and up. Depending on application is being used.

49 more replies! Ask a question or join the discussion by visiting our Community Forum