# Reference Guide to OSI, TCP/IP Network Models and Protocols for Developers
The OSI model defines seven layers for structuring network interactions, while TCP/IP simplifies it to four. This helps understand how data is transformed at each stage: from bits at the physical layer to user data at the application layer.
| OSI Layer | TCP/IP Layer | PDU | Purpose |
|-------------|----------------|-----|------------|
| 7. Application | 4. Application | Data | Interface for applications and services: HTTP, HTTPS, FTP, SMTP, DNS, SSH, IMAP, POP3, TFTP, NTP, DHCP, SNMP, BGP, RIP |
| 6. Presentation | Combined into Application | Data | Data syntax: encryption, compression, encoding (TLS/SSL, ASN.1, XDR, MIME) |
| 5. Session | Combined into Application | Data | Session management (NetBIOS, RPC, PPTP, SOCKS, SDP) |
| 4. Transport | 3. Transport | Segment/Datagram | Reliable or fast delivery: TCP, UDP, SCTP, QUIC |
| 3. Network | 2. Internet | Packet | Routing: IP (IPv4/IPv6), ICMP, OSPF, EIGRP, IPsec, GRE, IGMP |
| 2. Data Link | 1. Network Access | Frame | Local delivery by MAC: Ethernet, Wi-Fi, PPP, HDLC, Frame Relay, STP, LACP, PPPoE |
| 1. Physical | Included in Network Access | Bit | Signal transmission: cables, radio waves, hubs, USB, RS-232 |
Detailed Overview of Data Link Layer Protocols
The data link layer provides delivery within a LAN using MAC addresses. Ethernet (IEEE 802.3) forms frames in Ethernet II (DIX) format, vulnerable to VLAN Hopping, ARP Spoofing, MAC Flooding. Tools: ip link, ethtool, wireshark.
Wi-Fi (IEEE 802.11) operates on 2.4/5/6 GHz, vulnerable to WPA2/WPA3 Cracking, Evil Twin, Deauthentication. WPA2 uses AES-CCMP, WPA3 uses SAE to protect against brute-force. Commands: aircrack-ng, iw, wpa_supplicant.
- VLAN (IEEE 802.1Q): Adds a 4-byte tag to the Ethernet frame. Risks: VLAN Hopping, Double Tagging. Configuration:
ip link add link ... type vlan. - ARP: Broadcast request for IP-to-MAC. Vulnerabilities: Spoofing, Cache Poisoning. Check:
arp -a,arping. - PPP: LCP for the link, NCP for protocols, PAP/CHAP. Risks: Credential Theft. Management:
pppd,pon/poff. - STP/RSTP/MSTP: Blocks loops, RSTP speeds up convergence. Attacks: Root Bridge Hijacking, BPDU Flooding.
- LACP (802.3ad): Link aggregation. Issues: Misconfiguration, Hash Collision.
- LLDP/CDP: Neighbor discovery, risks Information Disclosure.
lldpctl,show cdp neighbors. - PPPoE: PPP over Ethernet for WAN (DSL, FTTx). Vulnerabilities: Session Hijacking.
Network Layer Protocols and Routing
The network layer handles internetwork routing. IPv4/IPv6: 32/128-bit addresses, SLAAC in IPv6. Attacks: IP Spoofing, NDP Spoofing. Diagnostics: ping, traceroute, ip route.
NAT/PAT enables outbound traffic through a single public IP, breaks end-to-end connectivity. ICMP for diagnostics (ping, traceroute), vulnerable to Flood and Tunneling.
Routing:
- BGP (L7, TCP/179): Between ASes, attribute-based policies. Risks: Hijacking, Route Leaks.
show ip bgp,bird. - RIP (L7, UDP/520): IGP by hop-count.
show ip rip,frr. - OSPF (L3, protocol 89): Dijkstra's SPF algorithm.
show ip ospf. - IPsec: AH/ESP in transport/tunnel modes.
strongswan.
Transport Layer and Above
TCP (L4): 3-way handshake, flow control. Vulnerabilities: SYN Flood, Hijacking. netstat, ss.
UDP (L4): Connectionless, for speed. Attacks: Flood, Amplification. nc -u, iperf3.
QUIC (L4/L7, over UDP): 0-RTT, integrated TLS. curl --http3.
Application layer:
- HTTP/HTTPS (80/443): GET/POST methods. Risks: XSS, CSRF.
- DNS (53 UDP/TCP): TCP for zones >512 bytes.
dig,nslookup. - DHCP (67/68): DORA process.
dhclient. - SSH (22): Keys, fingerprint.
ssh,scp. - FTP/SFTP (20/21, 22): Cleartext in FTP.
- SMTP/IMAP/POP3: 25/465/587, 143/993, 110/995.
- SNMP (161/162 UDP): v3 is secure.
snmpwalk. - NTP (123 UDP): Amplification.
Key Takeaways
- OSI has 7 layers for theory, TCP/IP has 4 for practice; protocols are mapped accordingly.
- Data link layer focuses on MAC and frames: Ethernet, Wi-Fi, VLAN, ARP.
- Network layer: IP addressing, routing (BGP, OSPF), security (IPsec).
- Transport layer: TCP for reliability, UDP/QUIC for speed.
- Application layer: HTTP, DNS, SSH — with emphasis on encryption and authentication.
— Editorial Team
No comments yet.