The OSI Model — What Each Layer Does
This is your quick, practical guide to the 7-layer OSI model. Use it to understand where things break and how to fix them.
Why OSI?
It’s a mental map for networks. When something fails, you can ask: “Which layer is broken?” Then test that layer instead of guessing.
Layers (top → bottom) + what they actually do
- Application — Apps talk here (HTTP, DNS, SMTP). Think “what service do I need?”
- Presentation — Formats data (TLS encryption, compression, encoding).
- Session — Starts/maintains/ends conversations (sessions, cookies, TLS handshakes).
- Transport — End-to-end delivery: TCP (reliable) / UDP (faster). Ports live here.
- Network — IP routing, subnets, gateways. Chooses the path between networks.
- Data Link — MAC addresses, switches, ARP, VLANs. Moves frames on a LAN.
- Physical — Cables, radio, fiber, bits, connectors, signal.
Mnemonic: Please Do Not Throw Sausage Pizza Away (P-D-N-T-S-P-A from bottom to top)
Devices, protocols & examples
- App (7): HTTP/HTTPS, DNS, SMTP/IMAP, SSH
- Pres (6): TLS/SSL, ASCII/UTF-8, compression
- Sess (5): TLS sessions, RPC, NetBIOS session
- Trans (4): TCP, UDP, ports (80/443/53/22/25/110/143)
- Net (3): IPv4/IPv6, ICMP, routing (OSPF, BGP), gateway
- DL (2): Ethernet, ARP, VLAN 802.1Q, STP; switches, NIC MAC
- Phys (1): Cat6, fiber, Wi-Fi 802.11, SFPs; hubs, cabling, signal
PDU names (what data is called per layer)
- L7-5: Data
- L4: Segment (TCP) / Datagram (UDP)
- L3: Packet
- L2: Frame
- L1: Bits
Encapsulation (big picture)
Code:
```
App data → [TCP header] → [IP header] → [Ethernet header/trailer] → bits on the wire
           Segment        Packet        Frame
```
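The encapsulation chain above, as an added Python example (not part of the original post): it wraps a constructed HTTP request in TCP, IPv4 and Ethernet headers, then peels them off again in receive order. The function names `encapsulate` and `decapsulate`, the sample payload, and the addresses are assumptions made for illustration; checksums and the Ethernet FCS are not computed.

```python
import struct

# Constructed sample payload; IPs and MACs are documentation/test values, not real hosts.
APP_DATA = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

def encapsulate(data, sport=49152, dport=80):
    """Send path: wrap L7 data in a TCP header, then IPv4, then Ethernet."""
    # L4 segment: 20-byte TCP header (data offset 5 words, flags PSH+ACK, checksum not computed).
    segment = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data
    # L3 packet: 20-byte IPv4 header (version 4, IHL 5, TTL 64, protocol 6 = TCP).
    packet = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])) + segment
    # L2 frame: dst MAC, src MAC, EtherType 0x0800 = IPv4 (FCS trailer left to the NIC).
    macs = bytes.fromhex("aabbccddeeff") + bytes.fromhex("020000000001")
    return macs + struct.pack("!H", 0x0800) + packet

def decapsulate(frame):
    """Receive path: peel one header per layer; stop where the next layer is unknown."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"frame": {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}}
    if ethertype != 0x0800:            # e.g. ARP (0x0806): nothing above Layer 2 to parse here
        return out
    packet = frame[14:]
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (packet[0] & 0x0F) * 4       # header length is a field, not a constant
    total_len = struct.unpack("!H", packet[2:4])[0]
    out["packet"] = {"src_ip": ".".join(map(str, packet[12:16])),
                     "dst_ip": ".".join(map(str, packet[16:20])), "protocol": packet[9]}
    if packet[9] != 6:                 # not TCP (e.g. ICMP = 1, UDP = 17)
        return out
    segment = packet[ihl:total_len]
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4  # TCP options make this larger than 20
    out["segment"] = {"src_port": sport, "dst_port": dport, "flags": segment[13]}
    out["data"] = segment[data_off:]
    return out

if __name__ == "__main__":
    for layer, fields in decapsulate(encapsulate(APP_DATA)).items():
        print(layer, fields)
```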
OSI ↔ TCP/IP model (quick map)
- TCP/IP Application ≈ OSI 7/6/5
- TCP/IP Transport ≈ OSI 4
- TCP/IP Internet ≈ OSI 3
- TCP/IP Network Access ≈ OSI 2/1
Troubleshooting by layer (checklist)
- Physical: Link light? Cable? Wi-Fi signal? Speed/duplex match?
- Data Link: MAC seen on switch port? VLAN correct? ARP present?
- Network: IP set? Mask/GW correct? Can you ping GW? Traceroute path?
- Transport: TCP handshake succeeds? UDP reachable? Ports open on host?
- Session/Presentation: TLS handshake OK? Cert valid? Time in sync?
- Application: Service up? Right URL/host header? Auth OK? App logs?
Wireshark filter cheat sheet by layer
Code:
```
# Layer 4 (Transport)
tcp.flags.syn==1                 # SYN and SYN/ACK packets (start of the TCP handshake)
udp.port==53

# Layer 3 (Network)
ip.addr==192.0.2.10
icmp

# Layer 2 (Data Link)
arp
eth.addr == aa:bb:cc:dd:ee:ff

# App examples
http or tls or dns
```
Mini-labs you can try now
- Ping chain: Ping your GW → DNS server → 8.8.8.8 → a domain. Where does it fail? Map that failure to a layer.
- TCP handshake: In Wireshark, filter `tcp.port==80` and find SYN → SYN/ACK → ACK.
- ARP watch: `arp -a` before and after first ping to a new IP. Explain the ARP entry you see.
- Traceroute: Run `tracert`/`traceroute` and compare hops to your routing table/default GW.
Common ports to remember (Transport layer)
- 20/21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 53 DNS, 67/68 DHCP, 80 HTTP, 110 POP3, 143 IMAP, 443 HTTPS
Quick self-check (answer in a reply or spoiler)
- At which layer does VLAN tagging happen?
- What layer moves packets between networks?
- You can ping 8.8.8.8 but not load websites—what layer(s) do you check next and why?
- Name the PDU at Layer 2 and Layer 4.
- Which layer handles TLS?