When your browser loads a webpage, 7 invisible steps happen between your click and the page appearing. Each step is handled by a different “layer” of the network. Understanding these layers is the difference between a network troubleshooter and someone who just “reboots the router.”
Introduction
- What the OSI Model is and why it exists
- All 7 layers explained with real-world analogies
- Which protocols live at each layer
- How to use the OSI Model to troubleshoot problems
Sending data over a network is like sending a letter through the postal system.
- You write the letter (Application Layer — the content).
- You put it in an envelope and write the address (Presentation — formatting).
- You drop it at the post office (Session — initiating the connection).
- The post office decides: registered or standard mail? (Transport — reliability).
- The postal system routes it through cities (Network — routing).
- A mail truck carries it between offices (Data Link — hop-by-hop delivery).
- The truck drives on a physical road (Physical — the actual wire/signal).
Each layer does ONE job. If a layer fails, nothing below it matters.
Data Encapsulation: The Matryoshka Doll
As data moves down the stack, each layer adds a header (like putting a letter in an envelope, then a box, then a truck).
The 7 Layers at a Glance
Please Do Not Throw Sausage Pizza Away
→ Physical, Data Link, Network, Transport, Session, Presentation, Application
Reading from Layer 1 (bottom) up to Layer 7 (top). This is the mnemonic used in every CCNA class worldwide.
Layer 1: Physical Layer
The “Electricity and Cables” Layer.
This is the raw infrastructure — the copper wires, fiber optic cables, and radio waves that carry electrical signals (1s and 0s) between devices.
| Component | Example |
|---|---|
| Media | Ethernet cables (Cat5e, Cat6), Fiber optic, Wireless radio |
| Devices | Hubs, Repeaters, Network Interface Cards (NICs) |
| Unit | Bits (1s and 0s) |
Troubleshooting Layer 1: Is the cable plugged in? Is the light on the port blinking? Is the Wi-Fi radio on?
Layer 2: Data Link Layer
The “Local Traffic Cop” Layer.
Layer 2 handles communication between devices on the same network (LAN). It uses MAC addresses (hardware addresses burned into your network card) to identify devices.
| Component | Example |
|---|---|
| Protocol | Ethernet (802.3), Wi-Fi (802.11) |
| Address | MAC Address (e.g., AA:BB:CC:DD:EE:FF) |
| Devices | Switches, Bridges |
| Unit | Frames |
Display all network interfaces and their MAC addresses
ip link show eth0- •The 'link/ether' field shows your MAC address
- •On Windows, use: ipconfig /all
Layer 3: Network Layer
The “GPS Navigator” Layer.
Layer 3 handles routing — getting data from one network to another across the internet. It uses IP addresses to identify devices globally, and routers to forward packets between networks.
| Component | Example |
|---|---|
| Protocol | IP (IPv4, IPv6), ICMP |
| Address | IP Address (e.g., 192.168.1.100) |
| Devices | Routers |
| Unit | Packets |
Trace the route packets take across networks to reach a destination
traceroute [destination]traceroute google.com- •On Windows, use: tracert google.com
- •Each 'hop' is a router forwarding your packet
Troubleshooting Layer 3: Can you ping the destination? Is the IP address correct? Is the default gateway configured?
Test if a remote host is reachable via IP
ping [options] [destination]ping -c 4 8.8.8.8- •-c 4 sends only 4 packets (Linux)
- •On Windows, ping sends 4 by default
- •If ping fails, the problem is at Layer 3 or below
Layer 4: Transport Layer
The “Delivery Guarantee” Layer.
Layer 4 decides how data is delivered. Should every packet be guaranteed (TCP)? Or should we prioritize speed (UDP)?
| Component | Example |
|---|---|
| Protocol | TCP (reliable), UDP (fast) |
| Address | Port Numbers (e.g., 80 for HTTP, 443 for HTTPS) |
| Unit | Segments (TCP) / Datagrams (UDP) |
List all open TCP and UDP ports on the system
ss -tuln- •-t = TCP, -u = UDP
- •-l = listening ports only
- •-n = show port numbers instead of names
IP address + Port number = Socket. A socket is the complete “address” of a running service.
Example: 192.168.1.100:443 means “connect to port 443 on device 192.168.1.100” (HTTPS).
Layer 5: Session Layer
The “Meeting Organizer” Layer.
Layer 5 manages sessions — it establishes, maintains, and terminates logical connections between two applications. Think of it as starting a video call, keeping it alive through brief hiccups, and cleanly hanging up when done.
A session tracks who is talking to whom (not just which IP connects to which IP). This matters because:
| What Sessions Enable | Real Example |
|---|---|
| Session initiation | Your browser opens a connection to example.com |
| Session maintenance | Keepalive signals prevent the connection from timing out |
| Checkpointing | File transfers resume from the last checkpoint if interrupted |
| Session teardown | Clean 4-way FIN handshake ensures no data is lost |
In practice, modern protocols like HTTP/2, SSH, and WebSockets handle session management themselves at Layer 7. But understanding Layer 5 explains WHY those protocols need features like heartbeats and graceful connection teardown.
Layer 6: Presentation Layer
The “Translator” Layer.
Layer 6 handles how data is formatted before it reaches the application — encoding, encryption, and compression. It answers: “Do both sides speak the same language?”
| Function | Protocol/Standard | Real Example |
|---|---|---|
| Encryption | TLS/SSL | HTTPS encrypts web traffic |
| Compression | GZIP, Brotli | Web servers compress HTML before sending |
| Character Encoding | UTF-8, ASCII | How ”🔒” becomes a string of bytes |
| Data Serialisation | JSON, XML, Base64 | Email attachments encoded as Base64 text |
You’ll see TLS assigned to both Layer 4 and Layer 6 depending on the source. Here’s the expert answer: TLS operates conceptually at Layer 6 (it translates data into an encrypted form), but its transport session sits at Layer 4. In practice, most engineers just say “TLS sits between Layer 4 and 7” and call it done. Exam answers: Layer 6 for OSI, Layer 4-5 for TCP/IP.
Encapsulation AND Decapsulation
The OSI model works in two directions:
Sending (Encapsulation → going DOWN the stack): Each layer wraps the data in a header (like putting a letter in an envelope, then a box, then a truck).
Receiving (Decapsulation → going UP the stack): Each layer strips its own header and passes the inner content upward.
This is why a Web server’s response can travel through dozens of routers without any of them reading your webpage — they only inspect the Layer 3 (IP) header, stripping and re-adding it as they route. The HTTP content stays untouched inside.
Layer 7: Application Layer
The “User Interface” Layer.
This is where YOU interact with the network. Every web browser, email client, and SSH session operates at Layer 7. The protocols here define what you’re trying to do (browse, email, transfer files).
| Protocol | Purpose | Port |
|---|---|---|
| HTTP/HTTPS | Web browsing | 80 / 443 |
| DNS | Domain name resolution | 53 |
| SSH | Secure remote access | 22 |
| SMTP | Sending email | 25 / 587 |
| FTP | File transfer | 21 |
Make an HTTP request from the command line (Layer 7)
curl [options] [URL]curl -I https://shekharit.com- •-I = show response headers only
- •-v = verbose mode (shows TLS handshake)
- •curl operates at the Application Layer
OSI vs. TCP/IP Model
In the real world, most engineers use the simplified TCP/IP Model (4 layers) instead of the full OSI Model (7 layers):
| OSI Layer | TCP/IP Equivalent |
|---|---|
| 7. Application | Application |
| 6. Presentation | Application |
| 5. Session | Application |
| 4. Transport | Transport |
| 3. Network | Internet |
| 2. Data Link | Network Access |
| 1. Physical | Network Access |
The OSI Model is the language of IT exams and interviews. The TCP/IP Model is the reality of how the internet works. Learn OSI to communicate. Use TCP/IP to build.
Troubleshooting with the OSI Model
When something breaks, work from the bottom up:
| Step | Layer | Check |
|---|---|---|
| 1 | Physical | Is the cable plugged in? Wi-Fi connected? |
| 2 | Data Link | Does the interface have a MAC address? |
| 3 | Network | Can you ping the gateway? The server? |
| 4 | Transport | Is the port open? (ss -tuln) Firewall blocking? |
| 5-7 | Application | Is the service running? Correct config? |
This systematic approach eliminates guessing and saves hours of debugging.
Real-World Debug Scenario
Problem: “The website works on my phone but not my laptop on the same Wi-Fi.”
| Step | Layer | Check | Command | What You Find |
|---|---|---|---|---|
| 1 | Physical | Is the interface up? | ip link show | ✅ Interface is UP |
| 2 | Data Link | Do you have a MAC and IP? | ip addr show | ✅ MAC + IP assigned |
| 3 | Network | Can you ping the router? | ping 192.168.1.1 | ✅ Router responds |
| 3 | Network | Can you ping the internet? | ping 8.8.8.8 | ✅ Google responds by IP |
| 7 | Application | Can you reach by domain? | ping google.com | ❌ DNS fails! |
Root cause found: DNS is broken on this specific laptop. Solutions: flush DNS cache, switch to 1.1.1.1, or check the /etc/resolv.conf configuration.
Without the model, you’d be “trying random things.” With it, you proved in 5 steps that the problem is specifically at Layer 7 (DNS / Application) — not the cable, not the Wi-Fi, not the router.
Common Interview Questions
The OSI model appears in every IT job interview. Know these cold:
| Question | Answer |
|---|---|
| What layer does a switch operate at? | Layer 2 (Data Link — uses MAC addresses) |
| What layer does a router operate at? | Layer 3 (Network — uses IP addresses) |
| What is a socket? | IP address + Port (Layer 3 + Layer 4 combined) |
| Why does HTTP/3 use UDP instead of TCP? | To eliminate TCP’s head-of-line blocking; QUIC (UDP-based) handles reliability itself at Layer 7 |
| What’s the difference between a Layer 4 and Layer 7 load balancer? | L4 balances by IP/port only; L7 reads HTTP headers and can route by URL path or cookies |
| Where does TLS sit in the OSI model? | Conceptually Layer 6, operationally between Layers 4-7 |
| What layer does DNS operate at? | Layer 7 (Application) — it’s a protocol your applications use |
Quiz: Test Your Knowledge
Test Your Knowledge
Take a quick 5-question quiz to check your understanding.
Key Takeaways
- 7 Layers: Physical → Data Link → Network → Transport → Session → Presentation → Application.
- Bottom = Hardware, Top = Software: Lower layers deal with signals and cables; upper layers deal with apps and data.
- Each layer has a unit: Bits → Frames → Packets → Segments → Data.
- Troubleshoot bottom-up: Start at Layer 1 (is it plugged in?) before checking Layer 7 (is the app configured?).
- OSI = Theory, TCP/IP = Practice: Learn both, but TCP/IP runs the internet.
Now that you understand the layers, dive deeper:
- How the Internet Works (The full picture)
- TCP vs UDP (Layer 4 deep dive)
- How DNS Works (Layer 7 deep dive)