Network Fundamentals Foundational

OSI Model & TCP/IP

Two networking reference models compared side-by-side. The seven OSI layers, the four TCP/IP layers, and which one the real internet actually runs on (spoiler: not OSI).

TL;DR

OSI is a seven-layer textbook reference model. TCP/IP is the four-layer model the real internet uses.
Most network troubleshooting happens at layers 1 through 4 — cables, frames, packets, segments.
Knowing the layers gives you a vocabulary for describing where in the stack a problem lives.

Mental model

The OSI model is a teaching tool. Nobody actually built the internet to OSI’s seven layers — TCP/IP, with its four layers, came first and won. But OSI’s seven-layer breakdown is so good at describing what a network does that everyone in the industry still uses the layer numbers when talking about problems.

When a senior engineer says “that’s a layer-3 issue”, they mean it’s an IP routing problem. “Layer 2” means switching, MAC addresses, VLANs. “Layer 7” means application-level (HTTP, DNS, SSH). Learning the layers gives you that vocabulary.

The seven OSI layers, in plain English

#	Layer	What lives here	Example
7	Application	The app you’re using	HTTP, DNS, SMTP, SSH
6	Presentation	Format / encryption	TLS, ASCII, JPEG
5	Session	Conversation state	SSL session, NetBIOS
4	Transport	End-to-end reliability + ports	TCP, UDP
3	Network	Logical addressing + routing	IP, ICMP, OSPF
2	Data Link	Local frame delivery + MAC	Ethernet, 802.1Q, ARP, STP
1	Physical	Bits on wire / radio	Cat6 cable, 1000BASE-T, RJ-45

The exam mnemonic: All People Seem To Need Data Processing (top to bottom). Or the cleaner: Please Do Not Throw Sausage Pizza Away (bottom to top).

The four TCP/IP layers — what actually exists

TCP/IP Layer	Maps to OSI	What it is
Application	5 + 6 + 7	All the app protocols smushed together
Transport	4	TCP and UDP. Ports live here.
Internet	3	IP, ICMP. Routing happens here.
Network Access	1 + 2	Ethernet, Wi-Fi, fiber — the wire and the frame format

If you’re reading an RFC or vendor doc, you’ll see TCP/IP terms. If you’re talking to a CCNA instructor or troubleshooting a ticket, you’ll hear OSI numbers. Be fluent in both.

How layers actually wrap each other (encapsulation)

When your laptop sends an HTTP request, each lower layer wraps the data from the layer above it:

[ HTTP request from browser           ]    ← Layer 7 payload
[ TCP header | HTTP                   ]    ← Layer 4 wraps it
[ IP header  | TCP header | HTTP      ]    ← Layer 3 wraps it
[ ETH header | IP | TCP | HTTP | ETH-trailer ] ← Layer 2 wraps the lot
[ bits on wire ──────────────────────► ]   ← Layer 1

The receiver unwraps in the reverse order. Each layer reads its own header, strips it, and passes the rest up.

The CCNA-favorite terms for the wrapped unit at each layer:

Layer 7 payload: data
Layer 4: segment (TCP) or datagram (UDP)
Layer 3: packet
Layer 2: frame
Layer 1: bits

Practical use — naming problems by layer

When a user says “the internet is down”, the goal is to figure out which layer broke. Top-down or bottom-up, both work — pros usually go bottom-up because lower layers being broken makes higher layers irrelevant.

Symptom	Layer	What to check
Cable physically unplugged	1	`show interfaces` for “line protocol down”
Port up, no traffic flowing	2	MAC table, STP state, VLAN assignment
Can ping local gateway, can’t ping outside	3	Routing table, ACLs, default route
Can ping by IP but not by hostname	7	DNS resolution
Web works, SSH doesn’t	4–7	Firewall / ACL on specific ports

Common mistakes

Mixing up OSI and TCP/IP layer numbers. TCP/IP doesn’t have layer numbers — saying “layer 5 of TCP/IP” is nonsense. Use OSI numbers (1–7) when numbering.
Calling ARP a Layer 3 protocol. It uses IP info but operates on MAC addresses — it’s Layer 2 (or 2.5, depending on who you ask).
Putting routing at Layer 2. Switches are Layer 2 (MAC). Routers are Layer 3 (IP). A “Layer 3 switch” is a switch with routing capabilities — it does both.
Calling everything above Layer 4 “the application”. Strictly, sessions and encryption are 5 and 6. In practice TCP/IP collapses them, but for the CCNA exam know the OSI distinctions.
Forgetting the OSI model is descriptive, not prescriptive. Real protocols often span layers or skip them. The model is for thinking, not for strict classification.

Lab to try tonight

Open Wireshark and capture traffic on your laptop’s interface.
Open a web page — capture for 30 seconds.
Pick one HTTP packet. Expand the layers in Wireshark — you’ll see Ethernet (L2), IP (L3), TCP (L4), HTTP (L7).
Note the source/destination at each layer: MAC at L2, IP at L3, port at L4, URL at L7.
Bonus: open a DNS query packet. Note how DNS uses UDP at L4 (not TCP) and lives at L7.

Cheat strip

Layer	Number	Sticks in memory as
Physical	1	Cables and bits
Data Link	2	Frames and MAC addresses (switches)
Network	3	Packets and IP addresses (routers)
Transport	4	Ports — TCP (reliable) or UDP (fast)
Session	5	Conversation state
Presentation	6	Encryption + formatting (TLS, JPEG)
Application	7	The thing the user clicked

Next topic →

Cisco IOS Device Management

How you actually log into and configure a Cisco device. Covers console / SSH / Telnet access, command modes (user / privileged / config), saving config, banners, the password types, and modern best practices for line security.

Master this on a real network

Want this drilled into reflex?

1:1 weekly sessions, live feedback on your labs, and US interview prep — built around the CCNA® exam blueprint. Free first session. No card on file until you decide.

Claim my free session →

One topic per email, every fortnight

VLANs, OSPF, ACLs, subnetting, automation — written like this. Unsubscribe in one click.

We respect your inbox. One email per week, max. Unsubscribe any time.