What is OSI Model

History Of OSI Model

History of the OSI Model

The OSI Model (Open Systems Interconnection Model) was developed to create a standard framework for communication between different computer systems and networks.

In the 1970s, many companies had their own networking systems that could not easily communicate with each other. To solve this problem, the International Organization for Standardization (ISO) started developing a standard network model.

In 1984, ISO officially introduced the OSI Model, which divides network communication into seven layers. These layers help different hardware and software systems communicate in a structured and standardized way.

The OSI model became an important reference model for network design, learning, and troubleshooting, even though modern networks mainly use the **TCP/IP protocol suite.

The Seven Layers of OSI

Physical Layer
Data Link Layer
Network Layer
Transport Layer
Session Layer
Presentation Layer
Application Layer

Purpose:
The OSI model helps standardize network communication and makes it easier to understand how data moves through a network.

Why Do We Need the OSI Model?

The OSI Model (Open Systems Interconnection Model) is needed to standardize how different computer systems communicate over a network. It divides network communication into seven layers, which makes network design, development, and troubleshooting easier.

Main Reasons for Using the OSI Model

1. Standardization
The OSI model provides a standard framework so that devices from different manufacturers can communicate with each other.

2. Easy Network Design
By dividing networking into layers, engineers can design and develop network systems more easily.

3. Troubleshooting
The layered structure helps identify and fix network problems quickly because each layer has specific functions.

4. Interoperability
It allows different hardware and software systems to work together, even if they are developed by different companies.

5. Learning and Understanding
The OSI model helps students and engineers understand how data moves through a network step by step.

Physical Layer (Layer 1)

The Physical Layer is the lowest layer of the OSI model. It deals with the physical transmission of raw bits (0s and 1s) over a communication medium like cables, fiber optics, or wireless signals. This layer defines the electrical, optical, or radio signals, voltages, pin configurations, connectors, and cabling standards. It does not understand data; it only ensures that signals are sent and received correctly.

Example: When your computer sends an HTTP request, the Ethernet NIC converts bits into electrical signals and sends them over the LAN cable to the switch.

Data Link Layer (Layer 2)

The Data Link Layer provides node-to-node communication within the same network (LAN). It encapsulates data into frames and adds MAC addresses for source and destination devices. It also provides error detection using mechanisms like Frame Check Sequence (FCS). Switches operate at this layer to forward frames within a LAN.

Example: Your PC’s frame has SRC MAC AA:AA:AA:AA:AA:AA and DST MAC BB:BB:BB:BB:BB:BB (router). A switch reads the destination MAC and forwards it to the correct port.

Network Layer (Layer 3)

The Network Layer is responsible for routing data across different networks. It uses logical addressing (IP addresses) to identify source and destination devices globally. Routers operate at this layer to determine the best path to forward packets. It may also handle fragmentation of large packets to fit the maximum transmission unit (MTU).

Example: Your PC sends a packet with SRC IP 192.168.1.10 and DST IP 93.184.216.34 (example.com). The router reads the IP address and forwards the packet towards the Internet.

Transport Layer (Layer 4)

The Transport Layer ensures end-to-end delivery of data between applications. It segments data from the application layer and adds port numbers to identify the sending and receiving processes. This layer provides either reliable delivery (TCP) with error checking, sequencing, and retransmission, or fast but unreliable delivery (UDP).

Example: When your browser requests a webpage, TCP at Layer 4 creates a segment with SRC port 50000 and DST port 80 to ensure that the HTTP response is delivered correctly.

Session Layer (Layer 5)

The Session Layer manages and controls the dialogue between two devices. It establishes, maintains, and terminates sessions or connections. This layer also handles synchronization, ensuring that communication resumes correctly if interrupted.

Example: While you stay logged into a web application, the session layer maintains your active session ID so the server recognizes you without asking for credentials again.

Presentation Layer (Layer 6)

The Presentation Layer acts as a translator between the application and network formats. It handles data encryption/decryption, compression, and format conversion. This layer ensures that the data sent by the application layer of one system can be understood by the application layer of another system.

Example: HTTPS encrypts your HTTP request before sending it over the network, or it converts a document from ASCII to Unicode for proper interpretation.

Application Layer (Layer 7)

The Application Layer is the topmost layer and interacts directly with end-user applications. It provides services such as web browsing, email, file transfer, and DNS. This layer initiates network communication by creating requests that will be passed down through the other layers for delivery.

Example: When you type http://example.com in your browser, the Application Layer generates an HTTP GET request to fetch the web page. Similarly, DNS queries are created at this layer to resolve domain names into IP addresses.

Summary Table

Layer	Function	Example
7 Application	Provides network services to applications	Browser sends HTTP request
6 Presentation	Formats, encrypts, or compresses data	HTTPS encryption
5 Session	Manages communication sessions	Maintains login session
4 Transport	End-to-end delivery using ports	TCP segment, port 50000→80
3 Network	Routing and addressing	IP packet, SRC=192.168.1.10, DST=93.184.216.34
2 Data Link	Node-to-node delivery using MAC	Ethernet frame SRC MAC→DST MAC
1 Physical	Transmits raw bits over medium	Electrical signals in cable

What is data encapsulation?

To understand the OSI model, you must first understand what data encapsulation is. Let’s explore the following example. Imagine you want to send a letter to a friend who lives in another city to invite him to your wedding. What if you send the letter without an envelope, with any information, such as the sender’s and recipient’s names, addresses, and postcodes? What if you simply write the letter and drop it in the mailbox at the post office?

Let’s examine the following two examples: a letter without an envelope (on the left) and one placed inside an envelope with all required information written on top (on the right). If you put those two into your mailbox, which one will reach its intended recipient and which one won’t?

It is pretty obvious, right? If you send a letter with no envelope and no additional information, such as sender and recipient details, the postal service won’t know where to deliver it. The letter won’t reach anyone. Your friend won’t show up at your wedding.

To ensure that the information (the letter) is delivered to the correct recipient, we must include additional information alongside the letter, so that the postal service knows how to handle it (we encapsulate the data).

The envelope that encapsulates the letter contains the following information, which helps the postal service deliver the letter correctly:

Stamp and postcard
Sender’s name
Sender’s address
Sender’s postcode
Recipient’s name
Recipient’s address
Recipient’s postcode

Optionally, the envelope may include:

Return address (if different from the sender’s address)
Date and time stamp
Subject or reference line inside the letter (in formal letters)

The main idea is that sending letters equals sending information by utilizing the postal service as the medium. Sending emails is the same—it’s still a process of sending information, but through a computer network. The key point is that in both cases, you can’t send just the information alone; you need to include extra details that tell the transporting medium how to deliver the information.

Data Encapsulation in Networking

Computer networks function similarly to the postal service. The difference is that they move digital information instead of paper letters. However, you can’t just send raw data onto the network and expect it to reach the destination, just like you can’t drop a plain letter into a mailbox and expect it to be delivered. The data must be encapsulated with additional information first, as shown in the diagram below.

Imagine a device (like your laptop) wants to send data onto the network. Let’s say you’re sending a Facebook message to a friend. As you type the message and hit enter, the data goes from the web browser (where you have Facebook opened), to the Operating System (OS), to the NIC, and out to the network. Many processes add their own additional information called headers. These headers contain important details, like:

Who the data is for.
Where did it come from?
How it should be delivered.
What type of data is it?

In the end, the simple Facebook message “Hey! What’s up?” looks like a network packet encapsulated with multiple headers, as shown in the diagram below.

This added information helps network devices (like routers and switches) understand how to handle and forward the data correctly to the correct recipient – one of the Facebook servers.

Encapsulation is the process of adding additional information to the data (payload) so that network devices know where to deliver the message.

At the destination, the data undergoes the reverse process of removing headers before the it is presented to the correct application.

Why do we need the OSI model?

The process of data encapsulation is not simple. It involves many different protocols, headers, and steps. Each part of a network—like applications, network devices, and physical mediums—needs to know what to do with the data and how to handle it correctly.

In the early days of networking, different companies built their own systems, using their own encapsulation methods. These systems often couldn’t work together because they didn’t follow the same rules. For example, one vendor might add certain headers in a unique order that another vendor’s device couldn’t understand. This made it hard to send data between different networks or even between devices from the same company.

Additionally, to achieve the ultra-high speeds of today’s networks, network devices must precisely locate the information they need, without examining headers that are irrelevant, as shown in the diagram below.

To fix this, engineers realized that the industry needed a standard framework. They needed a common way to describe how data should be prepared, sent, and received. That’s where the OSI model comes in.

The OSI model gives a step-by-step structure for how data encapsulation should work:

Each layer has a specific job, like adding source and destination addresses or checking for errors.
Each layer uses specific protocols that follow agreed-upon rules.
Each layer adds its own header (and sometimes trailer) to the message, so the receiving system knows how to process it.

In short, the OSI model helps manage the complexity of data encapsulation by providing a clear, standard method that everyone in networking can use. This ensures interoperability, consistency, and easier troubleshooting.

The OSI model helps us understand and explain how data is wrapped up layer by layer (encapsulation), and how it’s unwrapped at the other end (de-encapsulation).

What is the OSI model?

The OSI model, or Open Systems Interconnection model, is a framework that breaks down the encapsulation process into seven layers. Each layer has a specific role and handles a part of the encapsulation, such as data formatting, logical addressing, routing, physical addressing, or error checking.

The following example shows how data moves through the OSI layers and gets wrapped at each step before being sent over the network to the next device. Notice that each layer adds its own specific header with relevant information for the network function.

The primary goal of the OSI model is to establish a standard and vendor-agnostic data encapsulation framework. It helps different devices and systems work together by following the same set of rules and standards.

The following diagram illustrates each layer, with a brief description and the protocols that operate at that layer. Notice that in general, different network devices operate at different layers of the OSI model. This means that a network device cares only for the headers up to a particular layer and doesn’t care about the rest of the headers in the message. For example, a switch only cares about the data link (layer 2) header, which consists of the source and destination MAC addresses. A router cares only about the layer 2 and layer 3 headers, and so on.

Note also that we refer to the data at each layer of the OSI model with a different term. For example, at layer 4, we refer to a TCP message as a segment. At layer 3, we refer to it as a packet. At layer 2, we refer to it as a frame.

The OSI model vs. TCP/IP model

The OSI model, with its seven layers, is a well-structured and useful way to understand how data encapsulation works. However, network engineers quickly notice that layers 5, 6, and 7 are not directly related to most networking tasks. These layers focus more on how software applications handle data, which is usually outside the scope of networking.

As a result, network professionals, through practice and real-world experience, began using a simpler model that focuses on the aspects that matter most to networking—Layers 1 through 4. This led to the development of the TCP/IP model, which has fewer layers and is more aligned with how networks actually operate.

The following diagram shows a comparison of the OSI model (with 7 layers), the first version of TCP/IP (which had 4 layers), and the modern version of the TCP/IP model (with 5 layers).

The modern 5-layer TCP/IP model uses the same names as the OSI model for the lower layers, and their jobs are very similar. So, when reading about networks or talking to others in the field, you can think of the lower four layers as being the same in both models- OSI and TCP/IP.

For this course, make sure you understand how the 5-layer TCP/IP model maps to the 7-layer OSI model (as shown in both ends of the diagram above). Also, remember that when people refer to “Layer 7,” they typically mean the top layer in both models, which handles applications.

KEY NOTE: The CCNA exam no longer focuses on the OSI and TCP/IP models; however, understanding them remains important. Network engineers often discuss networking using the layers of the OSI model.

For example, you will often hear one of the following phrases that you must understand:

“Do you need a layer 2 or a layer 3 port?”
“Is this a layer 2 or layer 3 switch?”
“The problem is at layer 2.”

Although networks today use TCP/IP, many people still refer to OSI layer numbers. For example, people call an application protocol a “Layer 7 protocol,” even though TCP/IP combines some of those OSI layers (application, presentation, and session) into just one.

Here’s what happens in more detail:

Request (GET): Your web browser sends an HTTP message to the web server. The message includes an HTTP header that says, “GET /home.html.” If no file name is given, the server assumes you want the default page.
Response (OK): The server replies with another HTTP message. The header includes a return code like HTTP 200 OK, meaning the request was successful. If there’s an error (for example, page not found), the code might be 404 Not Found instead.
Data Transfer: The server may send multiple messages containing parts of the requested file. To save space, only the first message includes an HTTP header; the rest just carry data.
Request (GET): After opening the homepage, you most likely click on a link that leads you to another internal page. Subsequently, your web browser sends another request for that page. The server responds with the page, and so on.

You can see that HTTP is a client-server, request-response protocol. A web browser sends a request like GET or POST. The server answers with a status code and the web page content.

Where does the network fit into the picture? It transports the request-response messages between the client and server over the most efficient path. However, the application layer does not directly interact with the network. It is more of a set of rules that end devices use to encode/decode data and understand each other.

The network devices operate at the lower layers of the OSI model, as we are going to see in the next lessons.

Let’s first examine the header of each protocol and then study the differences between the two.

The Layer 4 header

Each protocol in the OSI model has its own header that it puts on the packet during the data encapsulation process. Since the data encapsulation process starts from the top (layer 7) to the bottom (layer 1), the application layer determines whether TCP or UDP will be used at the transport layer. Therefore, depending on the application, the packet is encapsulated with a TCP or UDP header.

KEY NOTE: Each OSI model layer serves the one above it. The application layer serves the user.

Let’s examine each header in detail. It is very important to know the content of each L4 header because they are so fundamental to every network technology that you are going to learn along the CCNA/CCNP/CCIE certification path.

TCP header

The TCP header contains information used to ensure the reliable delivery of data. It includes the following fields, as shown in the diagram below:

Source and destination ports (to identify applications).
Sequence and acknowledgment numbers (to track and confirm data receipt).
Flags (such as SYN, ACK, and FIN) that control the connection state.
Window size for flow control.
Checksum for error checking.
Optional fields for additional features.

UDP is a connectionless protocol. Its header only has four fields, making it faster and more efficient than TCP. However, it does not provide any data reliability because it lacks the necessary header fields (sequence number and acknowledgment number) to verify data receipt.

UDP is used for applications where speed is more important than reliability, like live video streaming, online gaming, and other real-time services.

What are the primary functions of the Transport Layer?

Now that we have seen the headers of TCP and UDP, let’s discuss the primary function of the information in the layer 4 header.

Multiplexing

First and foremost, the transport layer header is used to identify the application that sends and receives the data over the network. This is the function of the source and destination ports.

The source port identifies which application on the sender’s device created the data.
The destination port tells the receiving device which application should receive the data.

Let’s look at the diagram below, for example. The server is running several applications at the same time and keeps receiving packets. All the packets have the same MAC (Layer 2) and IP (Layer 3) headers. Because of this, the server cannot determine which application should receive each packet’s data solely by reading the Layer 2 and 3 information. This is where the information in the transport header comes in.

When packets arrive at a device, the port numbers in the Layer 4 header help the device determine which application should receive the data. Each process that runs on the server “listens” for incoming data on a specific TCP/UDP port, as shown in the output below. For example, the Web Server listens on port 80, while the FTP Server listens on port 21.

				
					Microsoft Windows [Version 11.0.25621.5339]
(c) Microsoft Corporation. All rights reserved.

C:\> netstat -a -n

Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    1.2.3.4:21             0.0.0.0:0              LISTENING
  TCP    1.2.3.4:80             0.0.0.0:0              LISTENING
  TCP    1.2.3.4:443            0.0.0.0:0              LISTENING
  UDP    1.2.3.4:6703           0.0.0.0:0              LISTENING

During the decapsulation process, when the operating system encounters a TCP segment with destination port 80, it immediately recognizes that it must deliver the data to the web server listening on port 80.

End-to-End connectivity

Another essential function of the transport layer is to provide end-to-end connectivity and reliability services to upper-layer protocols. TCP is the transport layer protocol that performs these functions.

Establishing a TCP session

TCP provides end-to-end connectivity by establishing a TCP session that maintains the connection state at all times. It happens in three steps, called the three-way handshake:

Step 1: The client that wants to initiate the connection sends a TCP message with the SYN flag set. This says, “I want to start a connection.”
Step 2: The server responds with a TCP message that includes the SYN and ACK flags. This says, “I got your request and I’m ready too.”
Step 3: The client sends a message with the ACK flag to confirm. This says, “We are connected.”

Once these three steps are done, the two hosts can start sending and receiving data. The process is visualized in the diagram below.

				
					Microsoft Windows [Version 11.0.25621.5329]
(c) Microsoft Corporation. All rights reserved.

C:\> netstat -a -n

Active Connections
 Proto  Local Address          Foreign Address        State
 TCP    10.1.1.1:53000         1.2.3.4:80        ESTABLISHED

Note an important concept here. Most internet communications use the Client-Server model.

The client is the application that sends a request. For example, a web browser requests a web page. Notice that the client uses a randomly assigned dynamic port number.
The server is the application that waits for requests and provides a service. For example, a web server that sends back the requested web page. Notice that the server uses a well-known port number.

The concept of port numbers and sockets enables multiple applications to operate simultaneously without being mixed up at the network layer. Both TCP and UDP employ this same idea. You can find out more about this topic in our lesson on TCP and UDP essentials.

Providing reliability (TCP error recovery)

Another fundamental function of the Transport layer is to provide reliable data delivery. TCP provides error recovery to help application protocols, such as HTTP and FTP, work reliably.

For example, let’s say a client uses a web browser to retrieve a homepage from a web server via HTTP, as shown in the diagram below. Let’s walk through the process step by step.

First, the client establishes a TCP session with the server by initiating a three-way handshake.
Once a TCP session is established, the client sends an HTTP GET request to retrieve the web server’s homepage.
The server then sends the entire webpage via HTTP.

But what if the server’s response—the web page itself—is lost during transmission? The web page wouldn’t show up in the client’s browser.

That’s why TCP includes a built-in method to make sure data is delivered successfully. Many applications need reliable delivery, so TCP was designed with an error recovery system. It does this using sequence numbers (SEQ) and acknowledgments (ACKs).

In the diagram above, the server sends the web page to the client in three TCP segments, each labeled with a sequence number (SEQ).

The client receives segments 1 and 3, but segment 2 is lost in the network.
The client’s TCP layer notices that segment 2 is missing (because it got 1 and 3, but not 2).
The client sends a message back to the server asking it to resend segment 2.

This process enables TCP to detect missing data and request a resend, ensuring the application (such as a web browser) receives all the necessary information.

Transport and Network layers work together

Lastly, let’s look at the bigger picture and possibly clear up some confusion that students may have. We have seen that the Transport layer (TCP) keeps track of the end-to-end connection. However, TCP does not influence how the information travels through the network to the remote host.

The Network layer (IP) is responsible for actually delivering packets from the source to the destination. It is the information in the Layer 3 header (source and destination IP addresses) that guides packets through the network. The source and destination IP addresses are like the sender and receiver addresses on a letter sent through the postal service — they tell the postal service where the letter comes from and where it should go. IP addresses do the same- they tell the network where the packet comes from and where it must be delivered.

In summary, the Transport layer includes information about which application sent the data and which application at the remote end should receive it. Additionally, if TCP is used, the Transport layer maintains connection state (whether the remote end wants to communicate) and reliability (using sequence numbers and acknowledgments).

The Transport layer assumes that the network layer delivers the packets to the remote end, as we are going to see in more detail in the next lesson.

Key Takeaways – Transport Layer (OSI Model)

For me, the most important thing that people must understand and remember is what information is inserted at the Transport layer of the OSI model and what the purpose of that information is.

First and foremost, the Transport layer (both TCP and UDP) inserts source and destination port numbers.

The source port number indicates which application sent the data.
The destination port number indicates which application at the remote end must receive the data.

If the application layer uses UDP for transport, basically that’s all. In the UDP header, there is no other significant information apart from the port numbers.

If the application layer uses TCP for transport, the transport layer also inserts sequence numbers, acknowledgment numbers, and flags alongside the port numbers.

The sequence numbers and acknowledgments are used for the reliable delivery and ordering of data.
- Sequence numbers (SEQ) label each segment sent, so the receiver knows the order of the data.
- Acknowledgments (ACKs) are sent back by the receiver to confirm which segment has arrived.
- If data is missing or out of order, TCP can detect it using sequence numbers and request a retransmission.
TCP flags are control bits in the TCP header that help manage the state and behavior of a TCP connection. Each flag has a specific role:
- SYN – Starts a connection.
- ACK – Acknowledges received data.
- FIN – Ends a connection.
- RST – Resets a connection.
- PSH – Tells the receiver to process data immediately.
- URG – Marks data as urgent.
These flags are used in different combinations to establish, manage, and close TCP connections.

Having those essential points in mind, we can summarize everything we have discussed so far as follows:

TCP (Transmission Control Protocol):
- Reliable: ensures all data arrives in order.
- Establishes a TCP session using a 3-way handshake with SYN and ACK flags.
- Uses sequence numbers (SEQ) and acknowledgments (ACKs) for error recovery.
- Slower due to added reliability features and header size.
- Commonly used for web (HTTP/HTTPS), email, and file transfers.
UDP (User Datagram Protocol):
- Unreliable: does not guarantee delivery or order.
- No connection setup, so it’s faster.
- No sequence numbers or acknowledgments.
- Often used for voice/video streaming, online gaming, and other real-time services.
- Good for applications that need speed over reliability.
A socket is made of an IP address and a port number. A pair of sockets identifies a unique TCP connection.
Most internet applications use the client-server model:
- The client initiates the connection and requests some resources.
- The server provides the requested resources.
- The client uses a random dynamic port number. For example, a web browser tab uses TCP port 61000 to initiate a connection to google.com.
- The server uses a well-known port number registered by IANA. For example, a web server listens for connections on ports 80 and 443.

In this lesson, we examine the 3th layer of the OSI model called the Network Layer. Unlike the other OSI layers that have multiple protocols, layer 3 mostly depends on just one— the Internet Protocol (IP), which has developed into two main versions.

IPv4 uses 32-bit addresses and supports about 4.3 billion unique IPs.
IPv6 uses 128-bit addresses, allowing for a much larger number of IPs and improved network efficiency.

Let’s first examine the header of each protocol and then study the differences between the two.

The Internet Protocol (IP)

In the previous few lessons, we discussed the application and transport layers in detail. We saw that the application layer has many protocols, like HTTP, FTP, SSH, and DNS. The transport layer has fewer protocols, with the two most common being TCP and UDP. However, the network layer mainly uses one protocol—the Internet Protocol (IP), as shown in the diagram below. That’s why the Network layer is often called the IP layer.

The Network layer has two primary responsibilities:

To insert the logical addressing into the message in the form of source and destination IP addresses.
To deliver the message to the intended recipient based on the destination IP address.

Let’s revisit our analogy with the postal service to explain how the Network layer functions and how it interacts with the Transport layer.

The Network layer vs. the Postal Service

Let’s imagine again that you want to send a letter to a friend who lives in another city or even another country. What do you do – you just write the letter, put it in an envelope with the names and addresses of the sender and receiver, and drop it in your mailbox. You then expect the letter to be delivered to your friend’s address by the Postal Service. You don’t need to know the exact route the letter takes to go there.

On the other hand, the Postal Service doesn’t know what’s inside the envelope — it’s only responsible for delivering it to the correct recipient address. It must know how to route the letter via the shortest path to its destination address.

Now let’s focus on the difference between the person sending the letter and the postal service. You can clearly see that each one has a separate role and responsibilities.

The person sending the letter knows what’s inside the envelope. Knows the name of the sender and the receiver. However, he doesn’t know the route the letter must take to reach the receiver. He just drops the envelope in his mailbox and expects the postal service to deliver it.
On the other hand, the postal service doesn’t know what’s inside the envelope. It only knows the sender’s and receiver’s addresses. It just accepts letters and delivers them to their destination address. It knows the route to any address and zip code inside the country and also knows where to send letters destined for countries abroad.

This is a very close analogy to the interaction between the Transport and Network layers of the OSI model. The Transport layer is like the person sending the letter. It puts the source and destination port numbers in the message and passes it to the network layer for delivery. The Network layer is responsible for moving the packet from router to router until it reaches the destination. Each router works like a post office, looking at the destination address and forwarding the packet.

You can see how each of the two layers (Transport and Network) has its own distinct role and responsibility:

The transport layer is like the person sending the letter. It doesn’t need to know how the data travels—it just trusts the network layer will deliver it.
The network layer is like the post office. It ensures the packet is delivered by verifying addresses and selecting the most efficient route.

The IP Header

The Internet Protocol (IP) has evolved through two main versions – IPv4 and IPv6. For now, we will only talk about the IPv4 protocol, which is still more widely adopted than IPv6. Most concepts apply equally to version 6. However, there are some differences between the two that we discuss in our IPv6 course.

The IPv4 header is 20 to 60 bytes long and contains key information for the routing and delivery of packets. It includes 14 fields as shown in the diagram below. Each one has a specific role and provides important information to the network devices along the path.

Pay special attention to the Source and Destination IP address fields. They are the most important fields in this header. They have the same role as the street address on a letter. They tell the network where to deliver the packet.

What are IP addresses?

Every device on the network must have a unique IP address, just like every house in a city has its own unique street address. The IP address identifies where a device is located and allows data to be sent to and from it, like a street address for computers.

In the layer 3 header of packets, there are two types of IP addresses: Source and Destination.

The destination IP address tells the network where the packet should go.
The source IP address tells the network who originated the packet.

IP addresses can be grouped into blocks, similar to how street addresses and zip codes are grouped into neighborhoods, cities, states, and countries. This grouping helps routers manage and forward traffic more efficiently, just like the postal service sorts mail by area code rather than by street address.

Routers connect different IP networks and move packets between them. They read the destination IP address in each packet and decide where to send it next. Using routing tables, they choose the best path and forward the packet toward its destination.

Key Takeaways

The Network Layer (Layer 3) of the OSI model is mainly responsible for routing and delivering packets across networks using IP addresses.
Unlike other layers that use many protocols, Layer 3 primarily uses one protocol — IP (Internet Protocol), which has two versions: IPv4 and IPv6.
- IPv4 uses 32-bit addresses and supports about 4.3 billion unique IPs.
- IPv6 uses 128-bit addresses, allowing for a vastly larger number of devices and better routing efficiency.
The IP header contains critical information, including the source and destination IP addresses, which are like street addresses on a letter — they guide the packet to its destination.
Each device on a network must have a unique IP address, just like every house in a city has a unique street address.
IP addresses are grouped into blocks (subnets), similar to how street addresses and zip codes are grouped into neighborhoods and cities. This helps routers efficiently forward traffic.
Routers operate like post offices. They don’t need to know the final address — only where to send packets next, based on address blocks.
IP routing is the process of forwarding packets based on their destination IP address, selecting the best path across routers.
The Transport layer (like the sender of a letter) handles the data and ports but relies on the Network layer to deliver it (like the postal system).

Unlike Layer 3, which primarily uses the IP protocol, Layer 2 employs a variety of protocols. These protocols depend on the type of physical network being used. Some common Layer 2 protocols include 802.3 Ethernet, 802.11 Wireless (Wi-Fi), PPP (Point-to-Point Protocol), and HDLC (High-Level Data Link Control).

However, by far the most widely used Layer 2 protocols today are Ethernet for wired networks and Wi-Fi for wireless networks. In this course, when we study Layer 2, we examine the Ethernet protocol.

The Ethernet Header

Let’s first examine the layer 2 header of the Ethernet protocol and then discuss its main function.

The data link layer adds a layer 2 header and a layer 2 trailer to the packet it receives from the Network Layer (Layer 3). This forms an Ethernet frame, as shown in the diagram below.

The frame includes important information like the MAC address of the sender and receiver, and a frame check sequence (FCS) that is used to check if the frame is received correctly by the directly connected device.

Now, to understand the bigger picture and how the layer 2 framing works, let’s continue our analogy with the Postal Service.

Data Link layer – Postal Service analogy

When you send a letter to someone in another country, you just drop it in your local mailbox. You don’t worry about how it will travel all the way there. Behind the scenes, the postal system moves your letter from one post office to another. Between each pair of offices, they might use cars, trucks, trains, or airplanes. Depending on the transport method, they place your letter in different temporary packages or containers, as shown in the diagram below.

The data link layer works the same way. It handles how data is moved from one device to the next directly connected device, just like how a letter moves from one post office to the next. It adds a “wrapper” around the data (called a frame) to help with delivery over that specific link. Each link along the path might use a different Layer 2 protocol (Ethernet, Wireless, PPP, HDLC, Frame relays, etc.), just like different transport methods in the postal system.

The key idea is that:

The data link layer handles local delivery—hop by hop (post office to post office). At each hop, the address of the next post office is inserted on the temporary package.
The network layer (IP) handles end-to-end delivery – from the sender’s street address to the recipient’s street address (sender and receiver addresses don’t change during delivery).

Framing

Now, let’s see the same example but in the context of networking. The primary function of the Data Link layer is to package the network layer’s packets into frames. Frames add structure so the receiving device can:

Know where the data starts and ends.
Detect if something went wrong in transmission.

Think of a frame like a transport package around the IP packet, with:

Header – source & destination MAC address.
Payload – the data from Layer 3 (e.g., the IP packet).
Trailer – error-checking information.

Let’s see an example and make an analogy with the postal service, as shown in the section above. Suppose the user 10.1.1.1 sends data to Google. It first encapsulates the data into a packet. This packet includes the destination IP address of google.com. That IP packet is then placed inside a Layer 2 frame, for example, an 802.11 wireless frame, so that it can travel across the local network to the local wireless router.

The wireless router receives the frame, removes the Layer 2 header and trailer, and keeps the IP packet inside. It then checks the destination IP address and decides where to send the packet next. To do that, it wraps the same IP packet in a new Layer 2 frame. This new frame is built for the next link — it uses the router’s MAC address as the source and the MAC address of R2 as the destination.

At the next router, the same thing happens again. The frame is removed, the IP packet is checked, and then it’s placed in a new frame for the next hop. This continues until the packet reaches the final destination, which is PC2.

When Google’s server receives the frame, it removes the Layer 2 information and sees that the IP packet is meant for it. Then it passes the data up the stack to the correct application.

Key Note: The IP packet stays the same from start to finish, but the Layer 2 frame that wraps the packet is replaced at every router to match the link between devices.

Data Link Sublayers

An important aspect of the data link layer is that it is not as independent as other layers of the OSI model. It works closely with the physical layer to move data across a network. The data link layer has two sublayers, as shown in the diagram below:

Logical Link Control (LLC) sublayer.
Media Access Control (MAC) sublayer.

The MAC sublayer is especially tied to the physical layer, as it controls how devices access the physical medium and how data is placed on the network.

The physical layer deals with the actual hardware. It defines things like cables and the electrical signals sent through them. The data-link layer adds rules for how that data should be sent over the physical connection.

These two layers help deliver data from one device to another. When a computer or router wants to send an IP packet, it uses the data-link layer to get that packet to the next device in the path.

Why not just send the bits raw?

Because without structure, the receiver wouldn’t know where one message ends and the next begins!

What are the MAC addresses?

At the Data Link layer, devices use MAC addresses to deliver data. Each network interface, like a network card or a router port, has its own unique MAC address. Let’s look at the following diagram, for example.

PC1 has a MAC address A.
R1 has two interfaces, one with a MAC address B and the other C.
R2 has two interfaces, one with a MAC address D and the other E.
SRV1 has a MAC address of F.

Remember, these MAC addresses are just made-up examples. In real life, a MAC address is 48 bits long and written in hexadecimal, like 00aa.bbcc.ddee. However, let’s use these short imaginary MACs to emphasize how a packet travels across the network from PC1 to server SRV1.

When a device like PC1 wants to send data, it creates a packet with the source and destination IP addresses (in green). Then, it encapsulates the IP packet into a frame that includes its own physical address as the source MAC and the destination MAC address of the next hop router on the same local network. In our example, this is router R1.

When R1 receives the frame, it removes the layer 2 header and trailers, makes a routing decision, and then re-encapsulates the IP packet into a new frame, with a new layer 2 header. It sets the source’s MAC to its own physical address and the destination’s MAC to the physical address of the next-hop router R2.
The process repeats at R2. It removes the layer 2 header and trailer and re-encapsulates the IP packet into a new frame destined to the MAC address of the Server SRV1.
When the server receives the frame, it removes the layer 2 header and trailer and decapsulates the IP packet to get the payload.

Note a few essential aspects of the communication:

At each router, the layer 2 frame is removed and rebuilt. This is called frame re-encapsulation.
The source and destination MAC addresses change when the frame is re-encapsulated by every router.
The IP packet (the layer 3 header) stays the same along the entire network path.

This is how information travels across the network. The information in the layer 3 header (source and destination IPs) stays the same along the entire path. It is used to guide the packet to the intended recipient of the data payload. On the other hand, the layer 2 header changes at every hop. The information in the layer 2 header is used to guide the frame to the directly connected next-hop router.

KEY NOTE: MAC addresses are used to deliver frames within the same local network (Layer 2).

The layer 2 trailer

Let’s look again at the example shown in the diagram above. The Layer 2 trailer is added at the end of each frame before it is sent over the network. Its main purpose is to help detect errors during transmission. The most common part of the trailer is the Frame Check Sequence, or FCS. The FCS contains a value calculated from the data in the frame using a method called CRC, or Cyclic Redundancy Check.

When the frame reaches the destination, the receiving device performs the same CRC calculation. It compares the result with the FCS in the trailer. If the values match, the frame is assumed to be correct. If they don’t match, it means the data was corrupted during transmission, and the frame is discarded.

The Layer 2 trailer is important for error detection but not for error correction.

What is a Switch?

You will often encounter the explanation that a switch is a network device that operates at Layer 2 of the OSI model. But what does that exactly mean – switches work at the Data Link layer?

It means that switches read only the layer 2 header of frames and make switching decisions based on that information, as shown in the diagram below. That’s why we say they operate at Layer 2.

Key Takeaways

The Data Link Layer (Layer 2) is responsible for local delivery between devices directly connected on the same network. It takes IP packets from Layer 3 and wraps them in frames that include a header and a trailer.
- The L2 header contains source and destination MAC addresses.
- The L2 trailer includes the Frame Check Sequence (FCS) used to detect transmission errors.
Unlike IP addresses, which stay the same across the entire network path, MAC addresses change at every hop. Each router removes the old frame and adds a new one to move the IP packet to the next device. This is called frame re-encapsulation.
MAC addresses are only used within the local network. Routers forward packets based on IP addresses but re-encapsulate them in new Layer 2 frames for each link.
Ethernet is the most common Layer 2 protocol for wired networks. 802.11 Wi-Fi is standard for wireless networks.
Switches operate at Layer 2 and use MAC addresses to forward frames between devices on the same network.
The Data Link Layer has two sublayers:
- Logical Link Control (LLC).
- Media Access Control (MAC).
The MAC sublayer manages access to the physical medium and works closely with the Physical Layer. It is responsible for mechanisms like CSMA/CA and CSMA/CD, which we discuss in detail in the next course, part of our CCNA learning path.
Finally, the trailer at the end of the frame helps detect errors but doesn’t correct them. If the frame is corrupted, it is simply discarded.

OSI model in practice

Notice that the Wireshark tool makes traffic captures at the NIC card of the computer, as shown above. However, it shows the network data exactly as it appears on the local LAN.

What is Wireshark?

First, let’s introduce the application that we use to capture and explore network packets. Wireshark is a free tool that lets you capture and analyze network traffic in real time. It shows you packets going through your network, including their source, destination, protocol, and contents. It is one of the most commonly used network tools in the real world for troubleshooting, monitoring, learning how protocols work, and finding security issues. Think of it as a microscope for network data.

You can download Wireshark at this link. It has releases for all modern operating systems (Windows, Linux, macOS) and CPU architectures (x86, x64, ARM).

Working with Wireshark

After installing Wireshark on our computer, go to Capture > Options, as shown in the screenshot below.

Here’s a high-level explanation of the most significant fields in the header:

Version: 4 — It’s an IPv4 packet.
Header Length: 20 bytes — The size of the IP header.
Differentiated Services (DSCP/ECN) — Indicates quality of service (QoS) priority info; here it’s default with no QoS marking.
Total Length: 519 — Entire IP packet size (header + data) in bytes.
Flags: Don’t fragment and Fragment Offset — Packet is not fragmented and should not be split into smaller pieces.
Time to Live (TTL): 128 — Maximum number of hops the packet can travel before being discarded.
Protocol: TCP (6) — The payload is a TCP segment.
Source Address: 145.254.160.237 — Where the packet came from.
Destination Address: 65.208.228.223 — Where the packet is going.

Ninety-nine percent of the time, people look at the source and destination IP addresses in the Layer 3 header of packets.

Establishing the TCP Session

Now, let’s shift our focus to the higher layers of the OSI model. Recall that every client-server HTTP/HTTPS connection starts with the TCP three-way handshake, as shown in the diagram below.

Let’s look at the high-level explanation of the most significant fields in the header:

Source Port: 3372, Destination Port: 80 — Client is trying to connect to a web server (HTTP).
TCP Flags: SYN — This is a SYN packet, used to initiate the connection.
Sequence Number: 0 — First byte in the connection.
TCP Segment Length: 0 — No data is being sent yet; it’s just signaling connection start.
Window: 8760 — The client can receive 8760 bytes before sending an ACK.
Header Length & Options — Includes options like Maximum Segment Size and SACK (Selective Acknowledgment) support.
Acknowledgment Number: 0 — Not used in the first SYN.

In short, this packet is the client saying: “I want to start a TCP connection with you.”

HTTP

Once the client establishes a TCP connection with the server, it requests the web page that the user wants via HTTP, as shown in the diagram below.

Here’s a high-level explanation of the most significant fields in the header:

GET /download.html HTTP/1.1 — The client is asking the server for the page download.html using HTTP/1.1.
Host: www.ethereal.com — Specifies which website the request is for.
User-Agent: Mozilla/5.0… — Identifies the browser and operating system.
Accept / Accept-Language / Accept-Encoding / Accept-Charset — Tell the server what types of content, languages, encoding, and character sets the client can handle.
Connection: keep-alive — The client wants to keep the connection open for more requests.
Referer: http://www.ethereal.com/development.html — Shows the page that linked to this request.

In short, the client is requesting a web page and providing details about how it can handle the response.

Key Takeaways

The main point of this lesson is that Wireshark is an indispensable tool for network engineers at any stage of their career. The earlier you start using it to learn and understand protocols in depth, the better engineer you will become.

The OSI model helps visualize how data travels through different network layers, from physical transmission to application-level requests.
Wireshark is a powerful tool for capturing and analyzing traffic at each OSI layer.
Understanding each layer’s headers helps diagnose network problems and learn protocol behavior.

furniture

lightings

accessories

Texture lab

what’s new

what’s new

Flash sales

Flash sales

What is OSI Model

History Of OSI Model

History of the OSI Model

The Seven Layers of OSI

Why Do We Need the OSI Model?

Main Reasons for Using the OSI Model

Physical Layer (Layer 1)

Data Link Layer (Layer 2)

Network Layer (Layer 3)

Transport Layer (Layer 4)

Session Layer (Layer 5)

Presentation Layer (Layer 6)

Application Layer (Layer 7)

Summary Table

What is data encapsulation?

Data Encapsulation in Networking

Why do we need the OSI model?

What is the OSI model?

The OSI model vs. TCP/IP model

The Internet Protocol (IP)

OSI model in practice

Lab Setup

OSI MODEL Slide