I would like to write some posts on Networking Basics. One of the first things someone should try to understand is the OSI model. It is used to reference different technologies in security and in networking, you might have heard someone saying “It’s a layer 3 issue” or “That is at layer 2” what they are referring to is the OSI model and its different layers. The OSI model has a total of 7 layers as shown below.
Different protocols and networking devices work at a certain layer within the OSI model, for example, a router would be a layer 3 device while the TCP protocol is found at the transport layer which is at layer 4. The OSI model was developed so that a network device from vendor A would work with vendors B device there would be no interoperability issues as there would be if they went off and used their own protocols and rules.
Let us start of layer 7 the Application layer and work our way down the OSI model. Going down the OSI layers is known as encapsulation, each layer is encapsulated by the next layer and that layers header is added as it is passed down each layer, the opposite happens when data is being received and the data is then decapsulated as it is passed up the layers, note you can’t skip any of the layers all 7 are used.
Application Layer (7)
The application layer is made up of different applications like HTTP, DNS, SSH, FTP etc the application isn’t the browser itself it is the layer 7 protocol that is used with the browser, for example, HTTP and HTTPS.
Presentation Layer (6)
The presentation layer is used to make sure that the data that is being presented up to the application layer is in the correct format for it to be able to read the data correctly. It also handles encryption and data compression.
Session Layer (5)
The session layer keeps track of all the different sessions, think of a web server and all the clients that are accessing that resource the web server has to keep track of each session and who it belongs to.
Transport Layer (4)
The transport layer is used to transport traffic between two devices, there are two main protocols used at the transport layer TCP and UDP. TCP is the Transmission Control Protocol and is used to deliver traffic reliably if a packet is lost along the way it will be retransmitted so no parts of the packet are missing. UDP is the User Datagram Protocol and is unreliable it is used a lot with real-time applications such as Voice services or Streaming video if a packet is lost in the transmission that is ok it can be tolerated.
Network Layer (3)
The network layer is where IP addressing lives which includes IPv4 and IPv6 versions. A router is called a layer 3 device and its job is to route packets between different networks, it does this by using routing protocols such as RIP, OSPF, BGP, or you can add static routes which is fine in very small networks but in large networks it doesn’t scale well at all and this is when routing protocols are used mostly.
Data Link Layer (2)
The data link layer is used to deliver frames to the correct device on a network. Each device in an Ethernet network will have a unique MAC address and it is used to deliver frames to the correct device. A switch is a layer 2 device and is used to connect 100s of PCs, laptops, printers etc to a network and its job is to manage all those connections and deliver the traffic to the end device, it does this by building a MAC address table which maps MAC addresses to a physical port to which the end device is attached to.
Physical Layer (1)
The physical layer used to put the traffic from the upper layers onto the wire i.e cable towards its destination.
If we take an example of this process from start to finish were a client (PC) requests a webpage from a web server.
- The user on the PC opens up a web browser and types in their favourite web URL in the browser such as http://www.cybersecuritylabs.net and hits enter. The web browser will use the HTTP protocol at layer 7 to request this page from the web server.
- The presentation layer will make sure that the request is in the correct format.
- The session layer will keep this session from the client separate from others.
- At the transport layer depending on the application in use either TCP or UDP will be used. In my case, it will be TCP as you want a reliable connection between the client and the server to make sure all data is delivered correctly and nothing is missing otherwise the web page could have pieces of data missing which would make the requested webpage look odd and hard to understand. It is the application in use that tells the transport layer which protocol to use either TCP or UDP.
- This is where IP packets are built. At the network layer, my IP address will be the source address of the request and the destination address will be the web servers address, to get the destination address of the website DNS is used to look up the URL http://www.cybersercuritylabs.net and from that it gets the IP address. DNS makes it easier for us humans to navigate the web, trying to remember IP addresses would be much harder than remembering web addresses.
- At the data link layer, Ethernet is used in most networks today and each device in an Ethernet network has a unique MAC address. A layer 2 Frame is built here with my MAC address as the source and the servers MAC address of the destinations.
- Finally, the data from the upper layers are converted to bits and placed on the wire to be delivered to its destination.
Any questions please leave a comment.