CheatSheetsHero

Browse / OSI Model Essentials

May 01, 2025 22:43
network-layers
networking
osi-model
Download PDF
Missing something?

OSI Model Essentials

Navigate the seven layers of the OSI model with this concise cheat sheet, covering each layer's function, protocols, devices, and troubleshooting tips.

OSI Model Overview & Layers 1-3

Introduction & PDU Names

The OSI (Open Systems Interconnection) model is a conceptual framework used to describe the functions of a networking system. It divides network communication into 7 layers. Understanding the model helps visualize how data travels across a network and aids in troubleshooting.

Each layer handles specific tasks and passes data (often with added headers/trailers) down to the next layer. At the receiving end, this process is reversed.

Layer

PDU (Protocol Data Unit)
  1. Application

Data
  1. Presentation

Data
  1. Session

Data
  1. Transport

Segment (TCP)
Datagram (UDP)
  1. Network

Packet
  1. Data Link

Frame
  1. Physical

Bit

Layer 1: Physical

Role: Deals with the physical connection, defining specifications for cables, connectors, and sending/receiving raw bit streams over the physical medium.

PDU: Bit

Key Functions:

  • Defines electrical/optical/physical characteristics
  • Data encoding (how bits are represented)
  • Data transmission rate
  • Topology (how devices are connected)
  • Synchronization of bits

Devices:

  • Hubs
  • Repeaters
  • Cables (Ethernet, Fiber Optic, Coax)
  • Connectors (RJ45)
  • NICs (Physical aspects)

Protocols/Standards:

  • IEEE 802.3 (Ethernet Physical Layer)
  • USB
  • DSL
  • Bluetooth (Physical Layer)
  • RS-232

Examples:
Sending voltage signals over a copper wire or light pulses over a fiber optic cable. Determining if a link is up or down.

Tip: If you have a connectivity issue, always start at Layer 1. Is the cable plugged in? Is the link light on? Is the power on?

Best Practice: Ensure proper cabling standards (e.g., Cat 5e/6 for Ethernet) are followed to avoid physical layer errors like signal loss or interference.

Troubleshooting:

  • Check cable integrity
  • Verify connector seating
  • Look for link lights
  • Test ports on devices
  • Use a cable tester

Trick: A simple ping test fails if L1 is broken, but success means L1-L3 are likely working.

Layer 2: Data Link

Role: Provides node-to-node data transfer. Handles physical addressing (MAC), error detection (within the frame), and flow control (between directly connected nodes).

PDU: Frame

Key Functions:

  • Framing (dividing bit stream into frames)
  • Physical Addressing (MAC addresses)
  • Error Control (detecting errors in transmission)
  • Flow Control (managing data rate between nodes)
  • Media Access Control (managing access to shared medium)
  • Provides reliable transfer over the physical layer

Sublayers:

  • Logical Link Control (LLC): Handles communication between network layers and device drivers. Provides connectionless and connection-oriented services.
  • Media Access Control (MAC): Controls hardware addressing and access to the shared network medium. Manages MAC addresses.

Devices:

  • Switches
  • Bridges
  • NICs (MAC address and framing)
  • Access Points (Wireless L2)

Protocols/Standards:

  • Ethernet (IEEE 802.3)
  • PPP (Point-to-Point Protocol)
  • HDLC (High-Level Data Link Control)
  • Wi-Fi (IEEE 802.11)
  • ARP (Address Resolution Protocol - resolves IP to MAC)

Examples:

  • A switch forwarding a frame based on the destination MAC address.
  • Detecting a corrupted frame using CRC (Cyclic Redundancy Check).
  • A device acquiring a MAC address.

Tip: If devices on the same local network cannot communicate (but pings to localhost work), suspect a Layer 2 issue like a switch misconfiguration or duplicate MAC address.

Best Practice: Implement MAC address filtering on switches or wireless access points for basic security.

Troubleshooting:

  • Check switch port status
  • Verify MAC addresses
  • Check for broadcast storms
  • Look at switch forwarding tables
  • Use tools like arp -a or show mac address-table on switches

Layer 3: Network

Role: Provides logical addressing (IP) and routing of packets across different networks. Determines the best path for data.

PDU: Packet

Key Functions:

  • Logical Addressing (IP addresses)
  • Routing (determining path from source to destination)
  • Packet Forwarding
  • Fragmentation/Reassembly

Devices:

  • Routers
  • Layer 3 Switches
  • Firewalls (Network Layer functions)

Protocols/Standards:

  • IP (Internet Protocol) - IPv4, IPv6
  • ICMP (Internet Control Message Protocol) - used by ping/traceroute
  • Routing Protocols (RIP, OSPF, EIGRP, BGP)
  • IPsec

Examples:

  • A router deciding which interface to send a packet out of based on its destination IP address.
  • A packet traversing multiple routers across the internet.
  • Using ping to check connectivity to a remote host.

Tip: If you can ping devices on your local network but not outside your network, the issue is likely at Layer 3, involving your router or default gateway.

Best Practice: Use static or dynamic routing protocols appropriately for your network size and complexity. Implement proper IP addressing schemes (subnetting).

Troubleshooting:

  • Check IP address and subnet mask
  • Verify default gateway setting
  • Use ping, traceroute/tracert
  • Examine router routing tables
  • Check firewall rules affecting routing

Trick: traceroute works by manipulating TTL (Time To Live) values at the IP header, allowing you to see each router hop (Layer 3 device).

OSI Model: Layers 4-7

Layer 4: Transport

Role: Provides reliable or unreliable end-to-end data transfer between processes on source and destination hosts. Manages segmentation, flow control, and error control.

PDU: Segment (TCP), Datagram (UDP)

Key Functions:

  • Segmentation/Reassembly (breaking data into chunks)
  • Port Addressing (using port numbers to identify applications)
  • Connection Management (TCP connection setup/teardown)
  • Flow Control (managing sender/receiver rate)
  • Error Control (detecting/correcting errors, retransmission in TCP)
  • Multiplexing/Demultiplexing (allowing multiple apps to share link)

Protocols:

  • TCP (Transmission Control Protocol): Connection-oriented, reliable, ordered, flow control, error control.
  • UDP (User Datagram Protocol): Connectionless, unreliable, unordered, no flow/error control (faster).

Examples:

  • A web browser using TCP port 80 or 443 to connect to a web server.
  • Online gaming or video streaming using UDP for speed.
  • TCP retransmitting a lost segment.

Tip: If you can ping a server (L3 works) but an application connection fails (e.g., SSH, HTTP), it’s often a Layer 4 issue related to ports or firewall rules.

Well-known Ports:

  • 20, 21: FTP
  • 22: SSH
  • 23: Telnet
  • 25: SMTP
  • 53: DNS
  • 67, 68: DHCP
  • 69: TFTP
  • 80: HTTP
  • 110: POP3
  • 137-139, 445: NetBIOS/SMB
  • 143: IMAP
  • 161, 162: SNMP
  • 443: HTTPS
  • 3389: RDP

Best Practice: Use TCP for applications requiring reliability (web browsing, email, file transfer). Use UDP for real-time applications tolerating some loss but needing speed (voice, video, gaming, DNS).

Troubleshooting:

  • Check firewall rules blocking ports
  • Use netstat to check open ports/connections
  • Use telnet or nc (netcat) to test port connectivity
  • Check application logs for connection errors
  • Verify transport protocol (TCP/UDP) requirements

Trick: nmap -sT <ip> performs a TCP connect scan, useful for checking if a specific TCP port is open and listening.

Layer 5: Session

Role: Establishes, manages, and terminates communication sessions between applications. Synchronizes data exchange.

PDU: Data

Key Functions:

  • Session establishment/maintenance/termination
  • Dialog control (simplex, half-duplex, full-duplex)
  • Synchronization (adding checkpoints in data stream)

Examples:

  • Setting up a connection for a remote login session.
  • Managing a video conference call, ensuring participants are synchronized.
  • Using API calls to manage a database session.

Protocols/APIs:

  • NetBIOS (Network Basic Input/Output System)
  • RPC (Remote Procedure Call)
  • Sockets (often straddle L4 and L5/L7)
  • PPTP (Point-to-Point Tunneling Protocol)

Note: In many modern network stacks (like TCP/IP), session layer functions are often integrated into the Application (L7) or Transport (L4) layers, making it less distinct than other layers.

Tip: If an application establishes an initial connection (L4 works) but fails to maintain it or crashes unexpectedly, it might be a session layer issue related to how the communication state is managed.

Best Practice: Design applications to handle session interruptions gracefully and implement robust session management logic.

Troubleshooting:

  • Check application logs for session errors
  • Monitor network connection stability over time
  • Verify session timeouts or limits
  • Debug application-level session handling code

Trick: Tools like Wireshark can show session setup and teardown packets, helping diagnose where a session fails to initialize or terminates prematurely.

Layer 6: Presentation

Role: Translates data between the application layer and the network format. Handles data formatting, encryption/decryption, and compression/decompression.

PDU: Data

Key Functions:

  • Data Formatting (e.g., ASCII to EBCDIC)
  • Data Encryption/Decryption (e.g., SSL/TLS)
  • Data Compression/Decompression

Examples:

  • Encrypting sensitive data before sending it over the network (HTTPS).
  • Converting data into a standard format that different applications can understand.
  • Compressing a file before transmission to reduce size.

Protocols/Standards:

  • SSL/TLS (often associated with L7, but handles L6 encryption)
  • JPEG, GIF, TIFF (Image formats)
  • MPEG, QuickTime (Video formats)
  • ASCII, EBCDIC (Text formats)
  • X.509 (Digital Certificates)

Note: Like the Session layer, the Presentation layer’s functions are often handled within Application layer protocols or integrated into lower layers (like TLS encrypting data passed to TCP).

Tip: If data is received but appears corrupted, unreadable, or insecure, it might be a presentation layer issue (e.g., wrong encoding, failed decryption).

Best Practice: Ensure consistent data formats and character encodings are used between communicating systems. Always use encryption (like TLS) for sensitive data transmission.

Troubleshooting:

  • Check data encoding settings
  • Verify encryption keys or certificates
  • Disable/enable compression to test
  • Use network sniffers to inspect data format (if unencrypted)

Trick: Browsers show certificate warnings (related to X.509) which directly relate to Presentation layer security functions (TLS).

Layer 7: Application

Role: Provides network services directly to end-user applications. It’s the layer users interact with.

PDU: Data

Key Functions:

  • Network access for applications
  • Identifying communication partners
  • Determining resource availability
  • Synchronizing communication

Examples:

  • Sending an email (SMTP).
  • Browsing a website (HTTP/HTTPS).
  • Transferring files (FTP).
  • Resolving a domain name (DNS).
  • Logging into a remote server (SSH).

Protocols:

  • HTTP/HTTPS (Web Browsing)
  • FTP (File Transfer Protocol)
  • SMTP (Simple Mail Transfer Protocol)
  • POP3/IMAP (Email Retrieval)
  • DNS (Domain Name System)
  • SSH (Secure Shell)
  • Telnet
  • SNMP (Simple Network Management Protocol)
  • RDP (Remote Desktop Protocol)
  • SMB (Server Message Block)

Note: Applications like web browsers, email clients, and file explorers operate at this layer, implementing the protocols needed to communicate over the network.

Tip: If all lower layers seem to be working (can ping, trace route, connect to ports) but the application itself isn’t functioning (e.g., website loads partially, email client fails to authenticate), the issue is likely at Layer 7.

Best Practice: Ensure application configurations (server addresses, authentication credentials, specific application ports) are correct. Use secure versions of protocols (HTTPS, SSH, SFTP) whenever possible.

Troubleshooting:

  • Check application settings/configuration
  • Verify credentials
  • Check application server status
  • Examine application logs for errors
  • Use application-specific troubleshooting tools
  • Verify DNS resolution (nslookup, dig)

Trick: Browser developer tools (F12) allow you to inspect HTTP requests and responses, directly troubleshooting Layer 7 web issues.

Key Concepts & Comparison

Data Encapsulation

As data moves down the OSI layers from Application (L7) to Physical (L1), each layer adds its own header (and sometimes a trailer) to the data it receives from the layer above. This process is called encapsulation.

Process (Sender Side):

  1. L7 (Application): Data generated by application.
  2. L6 (Presentation): Adds formatting, encryption (Data).
  3. L5 (Session): Manages session (Data).
  4. L4 (Transport): Adds TCP/UDP header (Segment/Datagram).
  5. L3 (Network): Adds IP header (Packet).
  6. L2 (Data Link): Adds Frame header and trailer (Frame).
  7. L1 (Physical): Converts frame into raw bits for transmission.

Data -> L6 Header + Data -> L5 Header + Data -> L4 Header + Data (Segment/Datagram)
-> L3 Header + Segment/Datagram (Packet)
-> L2 Header + Packet + L2 Trailer (Frame)
-> Bits

Process (Receiver Side - De-encapsulation):
As data moves up the OSI layers from Physical (L1) to Application (L7), each layer removes the header (and trailer) added by the corresponding layer on the sender side, processing the information in it, and passes the remaining data up to the next layer.

Bits -> Frame (L2 Header + Packet + L2 Trailer) -> Removes L2 Header/Trailer
-> Packet (L3 Header + Segment/Datagram) -> Removes L3 Header
-> Segment/Datagram (L4 Header + Data) -> Removes L4 Header
-> Data (L5/L6 Headers + Data) -> Removes L5/L6 Headers
-> Data (Application Data)

OSI vs. TCP/IP Model

OSI Model (7 Layers)

  • Application (L7)
  • Presentation (L6)
  • Session (L5)
  • Transport (L4)
  • Network (L3)
  • Data Link (L2)
  • Physical (L1)

TCP/IP Model (4/5 Layers)

  • Application (Maps to OSI L5, L6, L7)
  • Transport (Maps to OSI L4)
  • Internet (Maps to OSI L3)
  • Network Interface (Maps to OSI L1, L2)

Sometimes split into 5 layers: Application, Transport, Network, Data Link, Physical.

Key Differences:

  • Layers: OSI has 7 distinct layers, TCP/IP has 4 or 5 layers with less distinct boundaries between top and bottom layers.
  • Development: OSI was theoretical first, then protocols. TCP/IP was protocol-driven, then the model described it.
  • Usage: OSI is often used as a reference model for teaching/troubleshooting. TCP/IP is the model implemented in the real world (the internet).

Similarities:

  • Both are hierarchical models based on independent layers.
  • Both have Application, Transport, and Network layers.
  • Both models are used to describe network communication functions.

Mapping Example:

  • OSI L7-5 (Application, Presentation, Session) -> TCP/IP Application
  • OSI L4 (Transport) -> TCP/IP Transport
  • OSI L3 (Network) -> TCP/IP Internet
  • OSI L1-2 (Physical, Data Link) -> TCP/IP Network Interface

Note: The TCP/IP model is more practical for describing the actual internet protocol suite, but the OSI model is excellent for understanding the conceptual separation of networking functions.

Best Practice: When troubleshooting, think in terms of the OSI model layers, even if the protocols are TCP/IP based. It provides a structured approach.

Tip: Remember TCP/IP’s core is its protocols (TCP, IP), while OSI is a universal reference framework.

OSI Troubleshooting Methodology

Using the OSI model helps isolate network issues systematically. You can start at either the bottom (Physical) or the top (Application).

Bottom-Up Approach:

  • Start at Layer 1 (Physical): Check cables, connections, link lights.
  • Move to Layer 2 (Data Link): Check MAC addresses, switch ports, VLANs.
  • Move to Layer 3 (Network): Check IP addresses, subnet masks, default gateway, routing.
  • Continue up through L4-L7.
  • Useful when suspecting physical connectivity issues or if multiple services are down.

Top-Down Approach:

  • Start at Layer 7 (Application): Is the application working? Check configuration, logs, authentication.
  • Move to Layer 6 (Presentation): Check data format, encryption.
  • Move to Layer 5 (Session): Check session state.
  • Move to Layer 4 (Transport): Check ports, firewalls, TCP/UDP connection status.
  • Continue down through L3-L1.
  • Useful when suspecting a specific application problem or if only one service is down.

Tips & Tricks:

  • Divide and Conquer: Ping tests confirm L1-L3 connectivity. If ping works, L4+ issues are likely.
  • Check Adjacent Layers: An issue in one layer often manifests as a problem in the layers directly above or below it.
  • Isolate the Problem: Determine if the issue is local or remote, affecting one device or many.
  • Use Layer-Specific Tools: Ping/Traceroute (L3), netstat (L4), Wireshark (across layers), application logs (L7).
  • Document: Keep track of steps taken and results.

Best Practice: Combine both approaches. If a user reports a website is down, start top-down (Can you browse other sites? Is the specific site down?). If you suspect a network-wide outage, start bottom-up (Are lights on the switch? Is the router working?).

OSI Layer Mnemonics

Remembering the 7 layers can be tricky. Here are some popular mnemonics. They list layers from Layer 7 down to Layer 1.
  • All People Seem To Need Data Processing
  • All Pros Share Their Network Design Plans
  • Away People Send Through Network Devices Packets
  • Please Do Not Throw Sausage Pizza Away (L1 to L7)

Your Own: Create one that’s easy for you to remember!