Understanding TCP/IP and OSI Models
This article covers the following CCNA and ICND1 v2 exam topics:
Under Operation of IP Data Networks:
1. Describe the purpose and basic operation of the protocols in TCP/IP and OSI Networking Models.
2. Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges, and Hubs.
3. Select the components required to meet a given network specification.
Recommended Study Plan:
1. Download the ICND1v2 Exam Topics Sheet from Cisco Website.
2. Follow the steps and the articles under “IP Networks Fundamentals” in order.
Average Time Required Studying this Article: 1 Hour
What is a Networking Model such as the TCP/IP or OSI model?
TCP/IP and OSI are hierarchical models that define how network devices and their applications must follow
protocols, each a set of rules, in order to communicate with each other, similar to People Laws such a country
The Transmission Control Protocol/Internet Protocol (TCP/IP) Model was created by the US Department of Defense (DOD)
and the Open Systems Interconnect (OSI) model was created by the International Standards Organization (ISO).
So, a network model such as TCP/IP or OSI refers to a comprehensive set of protocols. Those protocols are sets of
logical rules that network devices must follow to communicate with each other: protocols such as HTTP, FTP, SMTP,
POP3, OSPF, EIGRP, and ARP, just to name a few.
How important is it to understand TCP/IP and OSI Models?
By understanding the TCP/IP and OSI models, you can picture how all these sets of protocols manage IP networks.
You can understand how bits are sent downstream by network devices as electrical signals across copper wires or
as patterns of light signals across fiber optic wires; how, on the upstream, they are received by another network
device at layer 1, reassembled into a frame, de-encapsulated and re-encapsulated with a new MAC address, or switched
to the right destination through the Ethernet switch; how the receiving PC takes in the bits, assembles the bits
into a frame, and disassembles the frame and the packet to verify that it is meant for its MAC or IP address; how it
breaks up the segment at the transport layer, responds with an acknowledgement (ACK), and sends the data up to the
session, presentation, and application layers; and how every tiny communication requires this whole process to
happen in a fraction of a second.
Overview of the TCP/IP Networking Model
The name Transmission Control Protocol/Internet Protocol (TCP/IP) has two parts: TCP is a main protocol that runs at
Transport Layer 4 of the TCP/IP Model; IP is another main protocol that runs at Network Layer 3 of the TCP/IP Model.
Hence the name TCP/IP Network Model: it was simply named after these two protocols. Combined, they refer to the
whole suite or networking model that is used today for network communication. OSI is similar to TCP/IP and is used
globally as a reference model since it has 7 layers vs. the 5 layers used by the TCP/IP Model. But remember, we
configure an IPv4 or IPv6 stack on network devices instead of an OSI stack.
The TCP/IP Networking Model both defines and references a large collection of protocols that allow components to
communicate. To help people understand a networking model (such as the TCP/IP and OSI Models), each model is broken
down into layers. Each layer includes protocols and standards that relate to that category of functions,
and TCP/IP has two models as shown below.
The original TCP/IP Network Model started with 4 Layers
1. Link Layer
The second version of TCP/IP became 5 layers: it changed the name of the Internet Layer to Network Layer and divided
the Link Layer into 2 layers
The difference between the OSI model and the TCP/IP model: OSI stretched the Application layer into 2 more layers:
TCP/IP Model 5 Layers
Application Layer (5)
The TCP/IP Application Layer protocols, such as HTTP, FTP, SMTP, POP3, and many more, provide services to the
application software running on a PC or server. The application layer does not define the application itself, but it
defines services that applications need. E.g. the application protocol HTTP defines how web browsers can pull the
contents of a web page from a web server. Therefore, the application layer provides an interface between a browser
running on a PC and a web service running on a web server.
Representation Overview as Part of App Layer: The TCP/IP Representation Layer is part of the Operating System
level, where it converts incoming and outgoing data streams to represent them in a specific file format using a
specific window such as a text, jpeg, or html window with the help of the appropriate program. In addition, data
encryption happens at this layer as well since that’s where it can be represented.
Note that the Presentation Layer in the TCP/IP Model is a feature included in the Application Layer.
Session Overview as Part of App Layer: The TCP/IP Session Layer can be considered the manager of the session
between the PC and a remote PC or server: it sets up, coordinates, exchanges, manages, and terminates the
application sessions from the starting point to the end point.
Note that the Session Layer in the TCP/IP Model is a feature included in the Application Layer.
Transport Layer (4)
Here is where the data gets segmented based on TCP or UDP port numbers and IP addresses; together,
“IP-Address:Port” is called a “TCP Socket” or “UDP Socket”. The Transport Layer uses the two most common protocols,
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), for segmenting. This article mentions
a little about TCP Error Recovery. Check the Understanding TCP and UDP Protocols article for more information.
TCP Error Recovery Overview: TCP error recovery uses the concept of acknowledgments. To appreciate what TCP does,
you must think about the layers above the Transport Layer, starting from the Application Layer. Technically, each
layer in TCP/IP provides a service to the layer above it, like the TCP Error-Recovery service provided especially for
the Application Layer. The TCP mechanism guarantees delivery of data across the network. Many Application Layer
protocols such as HTTP require guaranteed data delivery across a network, hence TCP port 80 is used to recover data
segments lost due to corrupted frames on the way.
Network Layer (3)
Here is where segments are placed into packets. The Network Layer includes major protocols, the most commonly used
being the Internet Protocol (IP). IP manages several services such as IP Addressing and IP Routing. This article
compares IP Addressing and IP Routing logic concepts with another commonly known concept that uses Addressing and
Routing: Postal
Data-Link Layer (2)
Here is where IP packets get framed, and where the last piece of software control protocol can be applied to the
data before it is handed as a frame to the Hardware Layer (Physical Layer) for bit transmission. Since the Data Link
Layer has to deal with different media technologies, it includes more standards and protocols than the Network Layer.
For example, it includes all the variations of Ethernet protocols, along with several other LAN and WAN technologies.
Wide Area Network (WAN) protocol standards differ significantly from Ethernet standards because of
the longer distances involved in transmitting the data; hence, different types of cable technology are used with WAN.
Such WAN control protocols include Point-to-Point (PPP), High-Level Data-Link Control (HDLC), and WAN’s Frame
Relay control protocols and standards, just to name a few. So in short, the Data Link Layer defines the functions used
in these protocols, such as rules and controls to deliver the IP packets that hold the data through different types of
Physical
Physical Layer (1)
At this stage of the communication process and based on the figures above, the data has been segmented by the
Transport Layer using destination and source TCP port numbers, placed into an IP packet by the Network Layer using
destination and source IP addresses, and encapsulated with an Ethernet header and trailer, forming a frame with
destination and source MAC addresses. Next, the Physical Layer on the downstream, based on the media used, creates
the electrical, optical, or radiowave signals that represent the bits in each frame. These signals are then sent on
the media one at a time. It is also the job of the Physical Layer to retrieve these individual signals from the media,
restore them to their bit representations, and pass the bits up to the Data Link Layer as a complete frame.
Note: The media does not carry the frame as a single entity. The Media carries signals one at a time to represent the
bits that make up the frame. There are three basic forms of network media used to represent the data as signals:
1. Copper Cable – UTP or Coaxial – Electrical Signal
2. Fiber Optic strand – Single Mode or Multi-Mode – Pattern of Light Signal
3. Wireless – Radio Transmission - Radiowave Signal
The representation of the bits, that is, the type of signal, depends on the type of media. For copper cable
media, the signals are patterns of electrical pulses. For fiber, the signals are patterns of light. For wireless media,
the signals are patterns of radiowave signals.
E.g. A Host’s Ethernet Interface card or even an Ethernet Switch’s Port combines 2 important functions:
1. The physical layer Control Protocol (Ethernet Control Protocol)
2. And the Encoding and Electrical Signaling Transmitter.
The Network Interface Card or Switch’s Port converts the frame to bits, encodes the bits into electrical signal, and
transmits the electrical signals one at a time through the copper cable.
Data Encapsulation overview
Understanding the encapsulation process is very important for troubleshooting. PC1’s Application Layer encapsulates
the contents (GET MSG) inside an HTTP header (1). Then the Transport Layer encapsulates the HTTP header and the
data inside a TCP header; the result is called a Segment (2). Then the Network Layer encapsulates the TCP Segment
inside an IP header; the result is called a Packet (3). Finally, the Data-Link Layer encapsulates the IP Packet inside
an Ethernet Link Header and Ethernet Link Trailer; the result is called a Frame (4), which is handed to the Physical
Layer for transmission.
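The four encapsulation steps above, and the reverse checks a receiving host performs, can be reproduced byte for byte. This is an added example, not part of the original article; the MAC addresses, the source IP and port, and the host name are constructed sample values, and the TCP checksum is left at 0 to keep the example short.

```python
import struct
import zlib

# Constructed sample values (assumptions, not taken from the article's figures).
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SRC_MAC, DST_MAC = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
SRC_IP, DST_IP = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])

def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071) as used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(payload_len: int, csum: int = 0) -> bytes:
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto 6 (TCP), checksum, src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, 6, csum, SRC_IP, DST_IP)

def encapsulate(http_msg: bytes) -> bytes:
    """Steps (1)-(4): HTTP message -> TCP segment -> IP packet -> Ethernet frame."""
    # (2) TCP header: src port, dst port 80, seq, ack, data offset, PSH|ACK,
    #     window, checksum (left 0 in this example), urgent pointer.
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp + http_msg
    # (3) IP header, with its checksum computed over the header itself.
    csum = checksum16(ipv4_header(len(segment)))
    packet = ipv4_header(len(segment), csum) + segment
    # (4) Ethernet header (dst MAC, src MAC, EtherType IPv4) and FCS trailer (CRC-32).
    header = DST_MAC + SRC_MAC + struct.pack("!H", 0x0800)
    return header + packet + struct.pack("<I", zlib.crc32(header + packet))

def decapsulate(frame: bytes) -> dict:
    """Receiver side: verify and strip each layer's header in reverse order."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("layer 2: FCS mismatch, frame dropped")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", body[:14])
    if ethertype != 0x0800:
        raise ValueError("layer 2: not an IPv4 payload")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum16(packet[:ihl]) != 0:
        raise ValueError("layer 3: IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "src_port": src_port, "dst_port": dst_port,
        "http": segment[data_offset:],
    }

if __name__ == "__main__":
    for field, value in decapsulate(encapsulate(SAMPLE_HTTP)).items():
        print(f"{field:9} {value}")
```

A single flipped bit anywhere in the frame fails the layer 2 check, so the corrupted frame never reaches the layers above it.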
Mapping Encapsulation Process to something we are familiar with:
Person Sending a Letter: The initial step in sending a letter is to “write a letter”. Application Layer (5) through
Transport Layer (4) act like the person who wrote the letter. These upper layers work the same way regardless of
whether the endpoint hosts are on the same LAN or are separated by the entire Internet. To send the letter, which is
the data, these upper layers simply hand the letter to the Network Layer for packing and delivery procedures. The
Application Layer and Transport Layer are just writers; the lower layers take the letter, put it inside an envelope,
and choose the best method to deliver it.
So, the lower layers, namely the Network, Data-Link, and Physical layers, act like the postal service infrastructure.
They stamp, prepare, pack, and deliver messages to the correct destinations. To do so, these lower layers must
understand the underlying physical network because they must choose how to best deliver the data from one host to
another. The Network, Data-Link, and Physical layers together complete the letter or package delivery process.
The Most Important piece to Route Post Office Letters or IP Packets is: An Address System
IP, as part of the Network Layer, defines that each host should have a different IP address, just as the postal
service defines addressing that allows unique addresses for each house, apartment, and business. Similarly, IP defines
the process of routing so that devices called routers can work like the post office routing system, routing packets of
data so that they are delivered to the correct destinations, just as the postal service created the necessary
infrastructure, such as sorting machines, trucks, planes, and personnel, to deliver (route) letters to other
individuals that might be located in the same city or in a different city.
A similar work procedure happens at the lower layers: 3, 2, and 1. The Network Layer defines the details of how a
network infrastructure should be managed, so the network can deliver data to all computers in the local network or
the remote network using the IP addressing system through the IP routing procedure.
IP addressing: IP defines addresses for several important reasons. First, each device that uses the TCP/IP Model needs
a unique address so that it can be identified in the network. IP also defines how to group addresses together, just as
the postal system groups addresses based on postal codes, like ZIP codes in the US. The 32-bit address scheme
used by IPv4 is called dotted-decimal notation (DDN), e.g. 192.168.1.1. Routers do the equivalent of the work done by
each post office site: they receive IP packets on various physical interfaces, make a decision based on the IP
address included with the packet, and then physically forward the packet out some other network interface.
IP Routing: A term used to represent the overall pieces that work together to provide the service of routing IP packets
from any network device to another (like post office mail routing). Any device with an IP address can connect to the
TCP/IP networking model and send packets, just as any one of us can send mail using his/her mailing address. Note: even
a PC/host still does IP routing since it is configured with a TCP/IP stack. Computers are meant for data processing,
and they route among each other if they are located in the same Local Area Network. Routers are meant for IP packet
processing, and they mainly route among each other. Finally, switches are meant for frame forwarding.
OSI Model 7 Layers
Please note: many network devices must actually understand the protocols at multiple OSI layers (but in reality are
using the TCP/IP stack), so the layers listed below start with the highest layer that a normal device such as a PC
thinks about when performing its data processing job.
Routers, on the other hand, need to think about Layer 3 concepts and must also understand and support features at
both Layers 1 and 2.
It’s worth mentioning that some routers act like firewalls whose filter rules trigger at Layer 7, such as Proxy
Firewalls and Stateful Firewalls. Such routers understand the concepts of all 7 layers like a PC or server, yet require
more horsepower than regular router hardware. The hardware specs for a Proxy or Stateful firewall would be similar to
rack server hardware specs, with more than one CPU and gigabytes of RAM.
What kind of Applications and Protocols reside at each of the OSI layers
Layer 7 – Application: The application layer is where the protocols and services reside. Examples of Services
located here: Telnet, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).
Layer 7 provides an interface between the communications software and any application to communicate outside the
computer on which the application resides. It also defines the processes for use of authentication.
Layer 6 – Presentation: The presentation layer PRESENTS data to the Application Layer using different
presentation data Formats. Examples of Data Formats located here: encryption (like IPSec), ASCII, and JPG.
Layer 6 defines and negotiates presentation data formats such as ASCII text, EBCDIC text, binary, BCD, and jpeg.
Encryption is defined by OSI as a Presentation Layer data format.
Layer 5 – Session: This layer is responsible for initiating and terminating network connections – Session Manager.
Examples of Sessions located here: Remote Procedure Call (RPC) functions and the login portion of a SQL session.
Layer 5 defines how to start, control, and end conversations (called sessions). This includes the control and
management of multiple bidirectional messages so that the application can be notified if only some of a series of
messages are completed. This allows the upper layer Presentation Layer to have a seamless view of an incoming
stream of data.
Layer 4 – Transport: TCP and UDP sockets work at the transport layer. TCP provides reliability, error correction,
sequencing, SYN ACK FIN Handshake, and windowing (flow control). Additionally, TCP at the transport layer provides
source and destination port numbers that are commonly associated with Servers’ services to form TCP or UDP
Sockets. For example, TCP port 25 is SMTP, 23 is telnet, 22 is SSH, 80 is HTTP, 443 is HTTPS, and so on. These
port numbers are very important if you are configuring an Extended ACL. Layer 4 focuses on issues related to data
delivery to another computer, such as error recovery and flow control.
Layer 3 – Network: The network layer is where the “IP” part of “TCP/IP” happens. IP is responsible for addressing in
the network. Because IP works at layer 3, you could also say that routing and routers work at layer 3. Any data at
layer 3 is called an IP Packet. Layer 3 defines three main features:
Routing, Logical Addressing, and Path Determination.
1. Routing defines how devices (typically Routers) route IP packets to their final destination.
2. Logical Addressing defines how each device can have an IP address that can be used by the routing process.
3. Path Determination refers to the work done by Routing Protocols to learn possible routes and choose the best
Layer 2 – Data Link: If you think about WAN technologies, there are many protocols that work at layer 2 (like PPP
and Frame-Relay). However, if you just look at the LAN, the most well-known protocol associated with layer 2 is
Ethernet. The Ethernet protocol uses MAC addresses to identify unique devices on the network. Any data at layer 2
is called a frame. Ethernet switches work at layer 2 to switch Ethernet Frames. To do this, they keep a MAC address
table or CAM table – mapping MAC addresses to switch ports.
Layer 2 defines the rules that determine when a device can send data over a particular medium. Data Link Protocols
also define the MAC Address and the format of a header and trailer that allows devices attached to the medium to
successfully send and receive data (Frames).
Layer 1 – Physical: The physical layer provides the actual connection between devices. Ethernet cables and fiber
optic cables work at layer 1. Data goes through the cables via electricity or light. That data is now represented as
bitstream Zeros and Ones. Layer 1 refers to standards from other organizations. These standards deal with the
physical characteristics of the transmission medium, including connectors, pins, use of pins, electrical currents,
encoding, light modulation, and the rules for how to activate and deactivate the use of the physical medium.
To remember the OSI Layers
For the CCNA certification test, most certified professionals remember these layers by taking the first letter of each
layer and matching it with a word. Here is a common way to remember the OSI model:
“All People Seem To Need Data Processing”
OSI Encapsulation Terminology
The TCP/IP model uses terms such as Segment to refer to the Transport Layer, Packet to refer to the Network Layer, and
Frame to refer to the Data-Link Layer.
OSI uses a generic term: Protocol Data Unit (PDU).
Rather than using terms such as Segment, Packet, and Frame, OSI simply refers to the layers by PDU as shown in the
Horizontal Layer Interaction: Occurs between the Layers of 2 Computers
Horizontal Layer Communication, or Peer-to-Peer communication, happens when, for example, the Application Layers on
both computers talk to each other directly. In other words, an Application Layer talks directly to a remote host’s
Application Layer, each using a specific protocol such as HTTP. E.g. PC1 requests a webpage from a web server
using HTTP. After forming a TCP socket and starting to exchange data, Peer-to-Peer communication is happening between
the Application Layer at PC1 and the Application Layer at the remote host (web server).
In other words, any protocol defined by each layer (7 to 1), such as HTTP, TCP, OSPF, Ethernet, and so on, uses a
header that is transmitted between the computers to communicate what each computer wants to do at this stage of
layer 2, 3, 4, or 7. Any header added by any layer’s protocol (7 to 1) on the sending computer, such as PC1, should be
logically processed by the exact same layer on the receiving computer, such as the web server.
Another example: the web server sets a pattern of sequence numbers 1, 2, 3, and so on during a TCP socket data
exchange session; since both sides are using a TCP socket connection, PC1 can determine,
based on ACK messages, whether some data did not arrive or a sequence number got lost on the way; PC1 can request the
lost data again based on the sequence number (TCP Error Recovery feature). This process, through which two
computers set and interpret the information in the header used by the Transport Layer, is called Horizontal Layer
Interaction, and it occurs between 2 computers that are communicating over a network using the same layer
Vertical Layer Interaction: Occurs among the Layers on the same Computer
Vertical Layer Communication happens on a single computer: one layer provides a service to a higher layer. The
software or hardware that implements the higher layer requests that the next lower layer perform the needed
E.g. a higher layer protocol such as HTTP informs the Transport Layer that it needs error recovery since some web
data got corrupted. The Transport Layer, with TCP providing the Error Recovery service, informs the remote host and
requests the lost data again based on the sequence number. Once the data is retransmitted from the remote host
and received by the Transport Layer, it hands the data up again to the Application Layer (HTTP). This communication,
in which the Application Layer asks the Transport Layer straight below it for the TCP Error Recovery feature and waits
for a response, is called Same Machine Vertical Communication.
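The sequence-number and ACK exchange described under Horizontal Layer Interaction, and the hand-off to the Application Layer described under Vertical Layer Interaction, can be followed in a small simulation. This is an added example, not part of the original article: it is a simplified model in which segments are numbered 1, 2, 3 as in the text (real TCP numbers bytes and relies on timers), the loss pattern and sample data are constructed, and a retransmitted segment always arrives.

```python
def transfer(segments, lost_first_copy):
    """Simplified model of TCP error recovery between a sender and a receiver.

    segments: list of bytes, numbered 1, 2, 3, ... as in the article.
    lost_first_copy: sequence numbers whose first transmission is lost
    (constructed loss pattern; the retransmission is assumed to arrive).
    Returns (data handed up to the application, event log).
    """
    lost = set(lost_first_copy)
    buffered = {}    # receiver, layer 4: segments that arrived out of order
    delivered = []   # receiver, layer 4 -> application layer, strictly in order
    expected = 1     # receiver: next sequence number it is waiting for
    log = []
    to_send = list(range(1, len(segments) + 1))
    while to_send:
        for seq in to_send:
            if seq in lost:                  # dropped or corrupted on the way
                lost.discard(seq)
                log.append(("lost", seq))
                continue
            buffered[seq] = segments[seq - 1]
            while expected in buffered:      # hand up everything now in order
                delivered.append(buffered.pop(expected))
                expected += 1
            log.append(("ack", expected))    # cumulative ACK: next seq wanted
        # Sender: the last ACK names the first missing segment; resend only that.
        to_send = [expected] if expected <= len(segments) else []
    return b"".join(delivered), log

# Constructed sample: an HTTP response split into five segments.
SAMPLE_SEGMENTS = [b"HTTP/1.1 200 OK\r\n", b"Content-Length: 5\r\n",
                   b"\r\n", b"he", b"llo"]

if __name__ == "__main__":
    data, events = transfer(SAMPLE_SEGMENTS, {3})
    for event in events:
        print(event)
    print(data)
```

With segment 3 lost, the receiver keeps answering "ack 3" while it buffers segments 4 and 5, and the application sees nothing past segment 2 until the retransmission fills the gap.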
Finally, Prepare for Certification and for the Real World
Certainly, any entry-level certification will require you to learn about the TCP/IP and OSI models and answer some
questions about them. For example, the ICND1 certification requires that you understand the TCP/IP and OSI models. I
believe this all comes back to knowing how important it is to understand the TCP/IP and OSI models.
Once you understand and become familiar with the TCP/IP and OSI model concepts, you will be Professional in IP
About Imad Daou
He is the founder of CCNA HUB, a CCNA Training HUB to help CCNA students get certified. Imad has more than 10
years of IT experience as Field Service and Consulting Engineer. A+, Network+, Server+, Security+, Storage+, HP,
Dell, and IBM Hardware Certified. He's a Professional SMB IT Consultant.
Copyright secured by Digiprove © 2013 Imad Daou. Some Rights Reserved
Original content here is published under these license terms:
Attribution, Share Alike
You may copy this content, create derivative work from it, and re-publish it, provided you include an
overt attribution to the author(s) and the re-publication must itself be under the terms of this license or