CompTIA Network+ Certification Guide

5 (2 reviews total)
By Glen D. Singh , Rishi Latchmepersad
    Advance your knowledge in tech with a Packt subscription

  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. The OSI Reference Model and the TCP/IP Stack

About this book

CompTIA certified professionals have always had the upper hand in the information technology industry. This book will be your ideal guide to efficiently passing and achieving this certification. Learn from industry experts and implement their practices to resolve complex IT issues.

This book revolves around networking concepts where readers will learn topics like network architecture, security, network monitoring, and troubleshooting. This book will not only prepare the readers conceptually but will also help them pass the N10-007 exam. This guide will also provide practice exercise after every chapter where readers can ensure their concepts are clear.

By the end of this book, readers will leverage this guide and the included practice questions to boost their confidence in appearing for the actual certificate.

Publication date:
December 2018


The OSI Reference Model and the TCP/IP Stack

The Internet—the largest computer network in the world today, is constructed from several protocols and protocol suites that work together to allow users (like you and I) to communicate across the globe. A protocol is simply a rule, or a collection of rules and conventions, that a device (such as your computer) follows in order to communicate with other devices around the world (which follow those same rules). A protocol suite is simply a collection of these rules, which work together to allow complex applications on networking devices (for example, web browsers on your computer) to communicate with billions of other devices around the world, through an assortment of networking equipment and media:

In this chapter, we will discuss two protocol suites in particular that have largely influenced the internet as we know it today:

  • The Open Systems Interconnection (OSI) reference model
  • The Transmission Control Protocol/Internet Protocol (TCP/IP) suite

Although these two protocol suites possess significant differences between them, they both serve as important blocks in the foundation of the internet, and, as such, they both continue to exist as important concepts that budding Network Engineers and System Administrators must understand and appreciate if they wish to become exceptional in their careers.

By understanding these two protocol suites, professionals add an important tool to their arsenal of network troubleshooting weaponry; namely, a systematic, step-by-step approach to be followed in the diagnostic processing of any networking issue, which both simplifies and speeds up the process of pinpointing the root cause of an issue and the rectification of the situation. These suites allow both equipment vendors and Network Engineers to segment the operation of a network into several discrete modular parts or layers, and deal with each layer individually. This allows us to focus on a single part of a system at a time, thus greatly simplifying the development and troubleshooting of networking equipment.

To illustrate this concept in a real-life scenario, consider the following situation—you're a System Administrator in a small IT firm. It's 4 o'clock on a Friday evening and you're excited to clock out and start your weekend. Suddenly, your Syslog Server starts sending emails to all the administrators in your team, complaining about a reachability issue regarding a particular server in your datacenter. Your co-workers immediately begin to panic, knowing that several employees have already left and that they'll likely be working late on a Friday evening. However, since you've mastered your protocol suites, you immediately locate the server and begin troubleshooting the issue from the Physical Layer upwards, quickly locating a disconnected cable to the server and saving your team a lot of troubleshooting time and stress:

For the rest of this chapter, we will first discuss the OSI reference model, delving into a bit of its history and the combination of factors and entities that led to its development and subsequent publication in 1984, before discussing each of the seven layers of the developed model in detail, explaining the purpose of each of the layers and illustrating how each of the layers interact to effect communication between devices across a network. We will then introduce the TCP/IP protocol suite, comparing and contrasting it to the OSI reference model, and similarly explaining and illustrating how each of the layers plays a vital role in transmitting messages across a network. Lastly, we will conclude this chapter with a set of practice questions, which will allow you to test how much information you've retained about the content we've covered in this chapter.


The OSI reference model

Development of the OSI reference model began in the late 1970s in response to the amalgam of proprietary, non-interoperable networking equipment and protocols that vendors were creating at that time. Networks had to be built entirely out of equipment from a single vendor, since networks built from equipment from different vendors could not easily be interconnected. The OSI reference model was thus designed as one solution to this interoperability problem. The development of this model was fueled by two teams—one from the International Organization for Standardization (ISO), and the other from the Consultative Committee for International Telephony and Telegraphy (CCITT). The aim of the model was to become a global framework for protocol development, allowing a diverse array of networking and computing architecture to easily interconnect and communicate.

The standard describing the model, titled ISO/IEC 7498-1, was initially published in 1984, with a second edition succeeding it in 1994.

The OSI reference model described by the standard consists of seven layers:

  • The Application Layer (layer 7)
  • The Presentation Layer (layer 6)
  • The Session Layer (layer 5)
  • The Transport Layer (layer 4)
  • The Network Layer (layer 3)
  • The Data Link Layer (layer 2)
  • The Physical Layer (layer 1)

With this model in mind, protocol developers create their protocols for a specific N layer. At this particular layer, termed layer N, a protocol may communicate with other protocols at the same layer, but may not communicate with protocols at other layers directly. A protocol at layer N only utilizes the services provided by the layer following it (N-1 layer), and provides its services to the layer preceding it (N+1 layer):

At each N layer, protocols act on several bits of data, specifically:

  • Protocol Control Information (PCI): Information communicated among entities at a specific N layer
  • User Data (UD): Data transmitted between entities at a specific N layer on behalf of the entities above them at layer N+1, for whom they are providing services
  • Protocol Data Unit (PDU): A unit of data specified in a protocol at a layer N, consisting of both PCI and UD
  • Service Data Unit (SDU): Some information that is preserved through the lower layer N when transmitted between entities at the higher N+1 layer

Relationship between the Protocol Data Unit (PDU) and Service Data Unit (SDU)

To understand the relationship between this data, consider the following diagram of data being passed down from the upper layers to the lower layers during transmission of data from a sender to a receiver.

Data is passed down from a higher Layer N+1 to the current Layer N and becomes an SDU at the current layer. Layer N then adds its bits of PCI and UD (if present), and combines all of this data into a new PDU, which is to be passed down again to the lower Layer N-1 to become a new SDU at that lower layer. This process is termed encapsulation, as each SDU is encapsulated (contained) in a new PDU at the lower layers.

This process of encapsulation continues until the data reaches the lowest layer (the Physical Layer), at which point the data is transmitted over transmission media as a signal until it reaches the intended recipient. Then, the reverse process of decapsulation occurs. During this decapsulation process, protocols at each layer strip off the PCI and UD that are applicable to their layer, and pass the remaining SDU upwards to the higher layers, thereby delivering the data required by the upper layers and thus providing their services to the higher layers.

To understand this concept, consider that Alice, existing at Layer N+1, in this example wants to mail a letter to her friend Bob also existing at Layer N+1 in another country. Alice writes her letter, places it in an envelope, and hands it to the mailman for delivery. The mailman existing at Layer N collects the envelope from Alice and adds it to a pouch of other envelopes that are destined for that country, ensuring that it has all of the necessary information that the other mailmen might need. He then hands the pouch to the team responsible for airmail existing at Layer N-1. This airmail team then places the pouch in a box, ensuring that it has all of the information that their own teams need, and delivers the box to the destination country. The airmail team in the destination country then reads the addressing information that they need, removes the pouch from the box, and passes it up to the mailman in their area. The mailman, in turn, reads the address on the pouch and removes the envelope from the pouch, finally delivering just the envelope to Bob.

In this example, Bob has no idea about the pouches and boxes used to deliver Alice's letter; he only reads the actual letter that Alice has sent. In the same way, higher-level protocols in protocol suites are independent of the protocols below them, allowing certain protocols to be updated or changed without requiring the protocols at other layers to be changed as well.

Additionally, by using this layered OSI model, functionality of a complex networking or computing system can be broken up and grouped into each of the layers, with similar functions being collected in a single layer. This allows an engineer to easily describe the workings of that system by beginning at either the top or bottom or the model and working their way to the other end, describing the function or group of functions provided at each layer as they move through the model.

This concept becomes incredibly important to an engineer or administrator during the troubleshooting process. Rather than randomly trying things in an attempt to diagnose and solve issues on a system, engineers and administrators are now able to begin at one end and work through protocols at each layer, thereby developing a logical methodology for troubleshooting. CompTIA refers to this as the top-to-bottom, or bottom-to-top, troubleshooting methodology.

In the next section, we will discuss each of the layers of the OSI model in detail, which will help you understand which protocols can be grouped into which layers, and thus determine the steps to take in troubleshooting the protocols comprising a system.

The seven layers of the OSI model

The following diagram illustrates the seven layers of the OSI model. Communication between peer protocols (protocols at the same layer in different systems) is established using the same processes of encapsulation and decapsulation that we discussed previously. Remember that protocols may communicate with protocols in remote systems at the same layer, but not with protocols in different layers of those remote systems. PDUs are therefore exchanged between corresponding layers in remote systems referred to as open systems in the OSI model through physical media interconnections, allowing networking and computing devices to communicate all the way around the world:

Professionals and students alike have come up with several mnemonics and acronyms to help them remember the names of each of the layers. One such mnemonic is All People Seem To Need Data Processing, with the first letter of each word in the mnemonic corresponding to the first letter of each word in the OSI model. Feel free to make up your own method of remembering these layers!

Before delving into descriptions of each of the individual layers, it is important to distinguish between two important terms that often arise in discussions of protocol stacks—connection-mode transmissions and connectionless-mode transmissions. In a connection-mode or connection-oriented transmission, an association must first be established between two or more peer protocols before data can be transferred between these peer protocols. In contrast, in connectionless-mode transmissions, data may be transferred between peer protocols without a prior connection establishment.

Now, let's explore what each of these layers are actually responsible for.

Application Layer

The Application Layer (layer 7) is the highest layer in the OSI reference model (although you may sometimes hear coworkers joke about end users being the theoretical eighth layer). This is the layer that most end users of networks and systems are familiar with, as it is responsible for directly providing services to application processes or programs that we use on a day-to-day basis. This layer also encompasses any other services that are not provided by the lower layers. This includes functions of programs, as well as end users (the people using these devices). As the highest layer in the model, the Application Layer provides the means for processes and end users to access and interact with the OSI protocol stack. Applications and protocols that we utilize in our machines (such as web browsers and email clients) are categorized in this layer. Devices such as desktop computers, mobile phones, and special layer 7 or Application Layer firewalls operate at this layer. Common protocols at this layer include X.500 (used to provide electronic directory services) and X.400 (a message handling system).

Presentation Layer

The Presentation Layer (layer 6) follows, and is responsible for how information is represented while it's being transferred between Application Layer entities. This method of data representation is called the transfer syntax. Remember that lower layers in the protocol stack provide services to upper layers in the stack. In this case, the Presentation Layer makes a set of transfer syntaxes, which are available to the Application Layer. This layer therefore provides services such as encryption (ensuring that data is not easily readable while being transferred), decryption (making the data readable again), and translation of data between different structures. One protocol that exists at this layer is the X.216 protocol (the presentation service).

Session Layer

The Session Layer (layer 5) is the next layer in the OSI model. This layer is responsible for providing presentation layer protocols with a means to organize and synchronize their communication. This layer allows protocols above it to establish session connections, to exchange data in an orderly fashion, and to finally tear down or release the connection. Additionally, this layer may provide other services such as exception handling services (generating error dialogues when problems occur with the connection). An example of a protocol that exists at this layer is the X.215 protocol (the session service).

Transport Layer

Below the Session Layer is the Transport Layer (layer 4). This layer in the model is responsible for the transparent transferring of data between protocols at the session layer, providing a reliable and cost-effective means of transferring data from the preceding layers. This layer determines how best to utilize the available resources below it (the network services) in order to meet the performance demands of the session layer protocols above it. The Transport Layer assigns transport addresses to each Session Layer protocol that requires its services, and then uses these addresses to establish communication between Session Layer protocols. This communication may be connection-oriented or connectionless, and may allow multiple connections to the same Session Layer protocol. This layer may additionally provide services such as data segmentation (the breaking up of large chunks of data into smaller pieces), the generation of acknowledgements (providing a message when a chunk of data is delivered), and data reordering (ensuring that data is processed in the correct order on the receiving side). Examples of protocols at this layer include X.224 (the connection-mode service protocol) and X.234 (the connectionless-mode service protocol).

Network Layer

The next layer in the OSI reference model is the Network Layer (layer 3). This layer is responsible for providing the means to establish, maintain, and tear down network connections between network devices and computing systems in an interconnected system. It provides a means to transparently transfer data between transport layer protocols in different machines. This transportation of data is facilitated by network addresses, which uniquely identify each end system in an OSI interconnected system. The OSI model stipulates that network connections at this layer must be point-to-point (from a single system to only one other system), although it supports complex physical networking configurations.

Additionally, the Network Layer provides services for routing and relaying (moving data around networks and subnetworks), and error detection and recovery. Devices that operate at this layer include routers and layer 3 switches. Examples of protocols at this layer include the Intermediate System to Intermediate System (IS-IS) intra-domain routing protocol and the End System to Intermediate System (ES-IS) routing exchange protocol.

Data Link Layer

The Data Link Layer (layer 2) is the next layer in the reference model. This layer is responsible for the provision of both connection-oriented and connectionless communications among network protocols, through the transfer of data link SDUs. The connections in this layer are also facilitated by addresses called (unsurprisingly) data link addresses. These addresses provide a means for Network Layer protocols to identify each other, and to establish data link connections between themselves. In addition to setting up these connections, the data link layer also provides error notifications, sequence control (ordering of bits of data), and Quality of Service (QoS) parameters. These QoS parameters may allow a network protocol to specify certain requirements, such as the minimum throughput (speed at which data is transferred across a link) or the maximum tolerable error rate on the link. This layer can be further segmented into two sub layers—the Medium Access Control (MAC) and the Logical Link Control (LLC) sub layers. The LLC is responsible for providing addressing, flow control, error detection, and identification of which Network Layer protocol is utilizing the services at the Data Link Layer, while the MAC controls how hosts access the physical media. Devices that operate at this layer include switches and bridges. One example of a Data Link Layer protocol is the X.212 data link service protocol.

Physical Layer

Lastly, at the very base of the OSI model, exists the Physical Layer. This layer provides the electrical, mechanical, and functional methods to move the actual bits of data (the 1s and 0s that encompass data in its raw forms) between networking and computing devices in order to facilitate the transparent transmission of bit streams between Data Link protocols. This movement of data is supported by various forms of media (both wired and wireless). Examples include copper cables or wireless channels. Data being transmitted across these various forms of media may flow in either half-duplex mode (in one direction at a time) or in full-duplex mode (in both directions simultaneously). Devices that operate at this layer include hubs and repeaters.

Communication using the relay system

Together, these seven layers work in tandem to facilitate communication across end systems. The top four layers (the Application, Presentation, Session, and Transport Layers) are generally considered to be the upper layers, while the lower three layers (Network, Data Link, and Physical Layers) are considered to be the lower layers. It is important to note that not all seven layers are required to be implemented on all of the devices that are present in the network. Some devices simply act as relay agents, supporting the lower layer protocols, while not decapsulating and processing the upper layers:

To illustrate the preceding diagram, consider that the two end devices being used are computers. Applications (such as web browsers) run on these computers and communicate at layer 7, but data for those applications may pass through relay devices that cannot run these applications. These relay devices may be equipment such as routers (devices that read addresses at the Network Layer and move packets between networks) or switches (devices that read addresses at the Data Link Layer and move frames between their ports). Routers, switches, broadcast domains, and collision domains will be discussed in depth in later chapters.

Now that we've explored the seven layers of the OSI reference model and described how systems exchange data using the processes of encapsulation and decapsulation, let's take a step back and establish some context for what we've learned. The OSI model, while being an important tool for explaining concepts and helping professionals develop methodical approaches to troubleshooting, is not widely implemented in the industry today. The reasons for this are numerous, but the most important factor is the existence of a second suite of protocols called the TCP/IP protocol suite or, alternatively, the IP suite. However, the distinctions between both models is often blurred, and many professionals combine the concepts of the OSI reference model with the devices and protocols that are in use today.

You can read more about the battle between the OSI and TCP/IP models at

In the following section, we will examine this ubiquitous IP suite and consider how it compares to the OSI reference model.


The TCP/IP protocol suite

The IP suite, also called the TCP/IP protocol suite because of two of the key protocols in the stack, TCP and IP, is described in RFC 1122. The Internet Engineering Task Force (IETF) frequently publishes these technical documents related to the internet in the form of Request For Comments (RFCs).

You can read the entire RFC 1122 at

In this RFC, the TCP/IP suite is defined as consisting of four layers:

  • Application Layer (layer 4)
  • Transport Layer (layer 3)
  • Internet Layer (layer 2)
  • Data Link Layer (layer 1)

We can immediately notice some key differences between both models. The OSI model we discussed previously consisted of seven layers, while this TCP/IP model consists of only four. The Presentation and Session Layers of the OSI model have been absorbed into the Application Layer, while the Physical and Data Link Layers of the OSI model have been combined to form the Link Layer here. The Internet Layer corresponds to the Network Layer of the OSI model, while the Transport Layer remains unchanged. This simplified structure of TCP/IP was actually a key factor in its dominance over the OSI model.

However, in spite of these differences, many of the concepts we discussed in the OSI reference model are also applicable to the TCP/IP suite. Applications still utilize the concepts of encapsulation and decapsulation that we discussed previously, and protocols at a particular layer still communicate with protocols at that same layer in end hosts (called internet hosts in the RFC). In the following section, we will dive into these layers in more detail, and show you how the applications we use every day utilize the TCP/IP protocol suite to transmit data to and from applications on other hosts across the internet.

The four layers of the TCP/IP protocol suite

The following diagram serves to illustrate the four layers of the TCP/IP protocol suite and to build upon the knowledge we gained during our study of the OSI reference model to illustrate data flows through each of the layers during the process of encapsulation. At each layer, data is passed down to the layer directly underneath and becomes an SDU or payload at that lower layer. A header, containing information that this lower layer requires, is then added to the SDU/payload, before the process is again repeated for the layer below it. Once the data reaches the Link Layer, it is transmitted across physical media before the reverse process of decapsulation begins:

Let's briefly discuss each of the layers that comprise the TCP/IP protocol suite:

  • Application Layer: At the very top of the protocol stack exists the Application Layer. The programs that we use every day on our desktop computers and mobile devices exist at this layer. For example, every time you request a web page in your browser, you use the Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) protocol. Protocols at this layer create data that needs to be transmitted to or received from other internet hosts.
  • Transport Layer: The Transport Layer exists just below the Application Layer, and serves to provide the means for Application Layer protocols above it to transfer data. Devices such as desktop computers and mobile devices also run Transport Layer protocols. There are two well-known protocols at this layer—TCP and the User Datagram Protocol (UDP). TCP provides connection-oriented transmission of data, requiring a connection to be set up between internet hosts before data can be transmitted, but also providing features such as reliable, in-sequence delivery of data. UDP, on the other hand, is a connectionless protocol that does not require any setup before data can be transmitted, but also does not offer features such as guaranteed delivery of data. Applications access the services of Transport Layer protocols (and, by extension, lower layer protocols) through logical ports. For example, the HTTP protocol uses the well-known TCP port 80. The concept of logical ports and which protocols are associated with which well-known ports will be discussed in more detail later.
  • Internet Layer: The Internet Layer exists just below the Transport Layer, and provides the service of moving data from the Transport Layer across networks, using forms of internet addressing. IP has become the most utilized protocol at this layer, and you are certain to deal with IP addresses from both version 4 of the protocol, IPv4, as well as version 6, IPv6. Other protocols that exist at this layer are the Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP). Devices that operate at this layer include routers and layer 3 switches.
  • Link Layer: At the bottom of the TCP/IP protocol suite, we will find the Link Layer. This layer operates only on the local segment that a host is physically connected to, and is responsible for delivering data between devices that are connected in the same local segment/network. Protocols at this layer include the Address Resolution Protocol (ARP), Ethernet, and the Neighbor Discovery Protocol (NDP).

Now that we've covered the services that each layer in the TCP/IP protocol suite provides, let's see how applications can use these layers to actually communicate.

Communication using the TCP/IP protocol suite

The communication using the TCP/IP protocol suite can be seen in the following diagram:

This preceding diagram combines all of the concepts we discussed previously. For a host to transmit messages, application messages/data are encapsulated down the protocol suite. At the Transport Layer, PDUs being transmitted between hosts are commonly called TCP segments or UDP datagrams, depending on which Transport Layer protocol is being used. At the Internet Layer, PDUs are termed IP packets, or simply packets, while PDUs transmitted between Link Layers are termed Ethernet frames, or simply frames, which are then transmitted out the wire as bits (or grouped together to form bytes). The following screenshot shows how Wireshark, a popular tool used to analyze protocols, categorizes data according to protocols that have been arranged in the same layers we have discussed:



In this chapter, we've covered the OSI reference model and the TCP/IP or IP suite, explaining why these models are significant in the field of networking and how data is actually transmitted across networks by using protocols implemented at the different layers. In the next chapter, we will discuss how communication occurs on a network in more depth by using the various network ports, protocols, and topologies.



  1. How many layers constitute the OSI reference model?
    1. 4
    2. 7
    3. 5
    4. 1
  1. A technician is troubleshooting a connectivity problem on a host machine and his manager asks him to troubleshoot using the bottom-to-top methodology. What layer of the OSI model should he start at?
    1. The Data Link Layer
    2. The Network Layer
    3. The Application Layer
    4. The Physical Layer
  2. An engineer has captured the following output from a host machine:

Which layer of the OSI reference model is this output most applicable to?

    1. The Transport Layer
    2. The Network Layer
    3. The Application Layer
    4. The Session Layer
  1. A network architect has designed a plan for connecting hosts in a new office, but he has realized that he needs to provide more physical ports for these hosts. Which of the following layer 2 devices would be most appropriate to provide these ports?
    1. A router
    2. A switch
    3. A hub
    4. A WAP
  2. Which sub layer of the Data Link Layer controls which host is allowed to access a shared Ethernet link at a particular point in time?
    1. The LLC sub layer
    2. The MAC sub layer
    3. The IP sub layer
    4. The UDP sub layer
  3. An engineer is examining frames from a particular host machine that is exhibiting issues on the network, and notices that headers from higher-level protocols are present in the frame. This is due to the process of:
    1. Decapsulation
    2. Connectionless transport
    3. Encryption
    4. Encapsulation
  4. A security administrator has received notice that management wishes to block access to a particular application on port 80, but not interfere with other traffic communicating through that same port. What device will be most suitable to implement this rule?
    1. A router
    2. A switch
    3. An L7 firewall
    4. An L3 firewall
  5. A network administrator is analyzing TCP traffic in an effort to better understand connection-oriented transmissions. What types of PDUs should he be analyzing?
    1. Frames
    2. Datagrams
    3. Segments
    4. Packets
  1. The leader of the fiber team has just called to report that a truck has pulled down overhead cables in a particular area, and that services will be interrupted until splicing works can be completed. What layer of the OSI model can this be best classified as?
    1. Physical
    2. Application
    3. Transport
    4. Network
  2. An engineer has purchased a wireless repeater that works by simply retransmitting the bits that it receives over its coverage area. What layer does this device most likely operate at?
    1. Network
    2. Data Link
    3. Application
    4. Physical

About the Authors

  • Glen D. Singh

    Glen D. Singh is a cybersecurity instructor and an InfoSec author. His areas of expertise are cybersecurity operations, offensive security tactics, and enterprise networking. He is a holder of many certifications, including CEH, CHFI, PAWSP, and 3xCCNA (in CyberOps, Security, and Routing and Switching).

    Glen loves teaching and mentoring others, and sharing his wealth of knowledge and experience as an author. He has written many books that focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response (IR), implementing security solutions, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.

    Browse publications by this author
  • Rishi Latchmepersad

    Rishi Latchmepersad is a Tier II data center engineer in the IP team at Air Link Networks, a medium-sized, Miami-based ISP that provides a number of video, co-location, and dedicated internet access facilities for numerous customers in the western-hemisphere. Rishi works alongside his team to manage the core IP network, managing infrastructure in a multi-vendor environment across several geographically diverse sites. Before taking on this role, Rishi worked at the University of the West Indies to develop a small network management solution (NMS) to measure several KPIs across a network by employing small probes in the network.

    Browse publications by this author

Latest Reviews

(2 reviews total)
I bought this book for the 100% coverage of the test content.
Awesome read...easy to understand

Recommended For You

CompTIA Network+ Certification Guide
Unlock this book and the full library for FREE
Start free trial