Back to Home

OSI TCP/IP Network Models: Protocols and Vulnerabilities

The reference combines OSI and TCP/IP models with protocol tables. Describes layers, PDU, purpose, vulnerabilities, and tools. Useful for developers working with networks.

Guide: OSI vs TCP/IP and Key Network Protocols
Advertisement 728x90

# Reference Guide to OSI, TCP/IP Network Models and Protocols for Developers

The OSI model defines seven layers for structuring network interactions, while TCP/IP simplifies it to four. This helps understand how data is transformed at each stage: from bits at the physical layer to user data at the application layer.

| OSI Layer | TCP/IP Layer | PDU | Purpose |

|-------------|----------------|-----|------------|

Google AdInline article slot

| 7. Application | 4. Application | Data | Interface for applications and services: HTTP, HTTPS, FTP, SMTP, DNS, SSH, IMAP, POP3, TFTP, NTP, DHCP, SNMP, BGP, RIP |

| 6. Presentation | Combined into Application | Data | Data syntax: encryption, compression, encoding (TLS/SSL, ASN.1, XDR, MIME) |

| 5. Session | Combined into Application | Data | Session management (NetBIOS, RPC, PPTP, SOCKS, SDP) |

Google AdInline article slot

| 4. Transport | 3. Transport | Segment/Datagram | Reliable or fast delivery: TCP, UDP, SCTP, QUIC |

| 3. Network | 2. Internet | Packet | Routing: IP (IPv4/IPv6), ICMP, OSPF, EIGRP, IPsec, GRE, IGMP |

| 2. Data Link | 1. Network Access | Frame | Local delivery by MAC: Ethernet, Wi-Fi, PPP, HDLC, Frame Relay, STP, LACP, PPPoE |

Google AdInline article slot

| 1. Physical | Included in Network Access | Bit | Signal transmission: cables, radio waves, hubs, USB, RS-232 |

Detailed Overview of Data Link Layer Protocols

The data link layer provides delivery within a LAN using MAC addresses. Ethernet (IEEE 802.3) forms frames in Ethernet II (DIX) format, vulnerable to VLAN Hopping, ARP Spoofing, MAC Flooding. Tools: ip link, ethtool, wireshark.

Wi-Fi (IEEE 802.11) operates on 2.4/5/6 GHz, vulnerable to WPA2/WPA3 Cracking, Evil Twin, Deauthentication. WPA2 uses AES-CCMP, WPA3 uses SAE to protect against brute-force. Commands: aircrack-ng, iw, wpa_supplicant.

  • VLAN (IEEE 802.1Q): Adds a 4-byte tag to the Ethernet frame. Risks: VLAN Hopping, Double Tagging. Configuration: ip link add link ... type vlan.
  • ARP: Broadcast request for IP-to-MAC. Vulnerabilities: Spoofing, Cache Poisoning. Check: arp -a, arping.
  • PPP: LCP for the link, NCP for protocols, PAP/CHAP. Risks: Credential Theft. Management: pppd, pon/poff.
  • STP/RSTP/MSTP: Blocks loops, RSTP speeds up convergence. Attacks: Root Bridge Hijacking, BPDU Flooding.
  • LACP (802.3ad): Link aggregation. Issues: Misconfiguration, Hash Collision.
  • LLDP/CDP: Neighbor discovery, risks Information Disclosure. lldpctl, show cdp neighbors.
  • PPPoE: PPP over Ethernet for WAN (DSL, FTTx). Vulnerabilities: Session Hijacking.

Network Layer Protocols and Routing

The network layer handles internetwork routing. IPv4/IPv6: 32/128-bit addresses, SLAAC in IPv6. Attacks: IP Spoofing, NDP Spoofing. Diagnostics: ping, traceroute, ip route.

NAT/PAT enables outbound traffic through a single public IP, breaks end-to-end connectivity. ICMP for diagnostics (ping, traceroute), vulnerable to Flood and Tunneling.

Routing:

  • BGP (L7, TCP/179): Between ASes, attribute-based policies. Risks: Hijacking, Route Leaks. show ip bgp, bird.
  • RIP (L7, UDP/520): IGP by hop-count. show ip rip, frr.
  • OSPF (L3, protocol 89): Dijkstra's SPF algorithm. show ip ospf.
  • IPsec: AH/ESP in transport/tunnel modes. strongswan.

Transport Layer and Above

TCP (L4): 3-way handshake, flow control. Vulnerabilities: SYN Flood, Hijacking. netstat, ss.

UDP (L4): Connectionless, for speed. Attacks: Flood, Amplification. nc -u, iperf3.

QUIC (L4/L7, over UDP): 0-RTT, integrated TLS. curl --http3.

Application layer:

  • HTTP/HTTPS (80/443): GET/POST methods. Risks: XSS, CSRF.
  • DNS (53 UDP/TCP): TCP for zones >512 bytes. dig, nslookup.
  • DHCP (67/68): DORA process. dhclient.
  • SSH (22): Keys, fingerprint. ssh, scp.
  • FTP/SFTP (20/21, 22): Cleartext in FTP.
  • SMTP/IMAP/POP3: 25/465/587, 143/993, 110/995.
  • SNMP (161/162 UDP): v3 is secure. snmpwalk.
  • NTP (123 UDP): Amplification.

Key Takeaways

  • OSI has 7 layers for theory, TCP/IP has 4 for practice; protocols are mapped accordingly.
  • Data link layer focuses on MAC and frames: Ethernet, Wi-Fi, VLAN, ARP.
  • Network layer: IP addressing, routing (BGP, OSPF), security (IPsec).
  • Transport layer: TCP for reliability, UDP/QUIC for speed.
  • Application layer: HTTP, DNS, SSH — with emphasis on encryption and authentication.

— Editorial Team

Advertisement 728x90

Read Next