Master the OSI Model and TCP/IP Stack: From Physical Bits to Secure HTTPS
This comprehensive guide explains the OSI seven‑layer model, the TCP/IP four‑layer architecture, core networking protocols such as HTTP, HTTPS, TCP, UDP, IP, MAC, DNS and ARP, and covers essential concepts like network devices, address resolution, flow and congestion control, as well as common security mechanisms and attack mitigations.
OSI Seven‑Layer Model
The OSI model defines seven logical layers. Data originates as bits (Physical layer), is framed (Frames) at the Data Link layer, routed as Packets at the Network layer (IP), segmented as Segments at the Transport layer (TCP/UDP), managed by the Session layer, transformed by the Presentation layer (e.g., ASCII, SSL/TLS), and finally consumed by the Application layer (e.g., HTTP).
TCP/IP Four‑Layer Model
TCP/IP collapses the OSI stack into four layers: Application (HTTP, FTP, DNS, SMTP), Transport (TCP, UDP), Internet (IP, ICMP), and Link (Ethernet framing). Each layer adds its own header on the way down and strips it on the way up.
Network Devices
Switches operate at the Data Link layer, learning MAC addresses and forwarding frames based on a MAC‑address table. Routers operate at the Network layer, using routing tables to forward IP packets between different subnets.
IP and MAC Addressing
IPv4 addresses are 32‑bit numbers expressed in dotted‑decimal notation (e.g., 192.168.1.1). A subnet mask (e.g., 255.255.255.0) separates the network and host portions. MAC addresses are 48‑bit hardware identifiers used by switches to forward frames.
ARP (Address Resolution Protocol)
ARP maps an IP address to a MAC address on a local LAN. A host broadcasts an ARP request; the owner of the IP replies with its MAC, which is then cached.
TCP
TCP is a connection‑oriented, reliable, full‑duplex transport protocol.
Connection establishment uses a three‑way handshake (SYN, SYN‑ACK, ACK).
Connection termination uses a four‑step handshake (FIN, ACK, FIN, ACK).
Reliability is provided by sequence numbers, acknowledgments, retransmission timers (RTO), and flow control via the sliding window (rwnd).
Congestion control combines slow start, congestion avoidance, fast retransmit, and fast recovery, adjusting the congestion window (cwnd).
TCP Segment Header (excerpt)
Source Port (16 bits)
Destination Port (16 bits)
Sequence Number (32 bits)
Acknowledgment Number (32 bits)
Data Offset (4 bits)
Flags (8 bits: SYN, ACK, FIN, RST, PSH, URG)
Window Size (16 bits)
Checksum (16 bits)
Urgent Pointer (16 bits)
Options (variable)
UDP
UDP is a connectionless, best‑effort transport protocol with an 8‑byte header (source port, destination port, length, checksum). It preserves message boundaries and is used by DNS, DHCP, TFTP, etc.
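The header layouts listed above for TCP and UDP, decoded from raw bytes. This is an added example and not code from the original article; the sample segment and datagram are constructed inline (a SYN from port 54321 to 443 carrying an MSS option, and a two-byte UDP payload to port 53), and the helper names are the author's own. The data-offset and length checks are the ones a parser needs so that a crafted header cannot make it read past the buffer.

```python
import struct

# Flag bits in the low byte of the TCP data-offset/flags field
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def parse_tcp_header(segment: bytes) -> dict:
    """Decode a TCP segment: 20-byte fixed header, options, then payload."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src_port, dst_port, seq, ack, off_flags,
     window, checksum, urgent_ptr) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")  # never trust the header to size itself
    flag_bits = off_flags & 0x3F
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack, "header_len": header_len,
        "flags": [name for bit, name in TCP_FLAGS.items() if flag_bits & bit],
        "window": window, "checksum": checksum, "urgent_ptr": urgent_ptr,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def parse_udp_header(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header and return the payload the length field covers."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram")
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}


def handshake_step(flags):
    """Classify a segment as one of the three handshake messages, or None."""
    present = set(flags)
    if present == {"SYN"}:
        return "SYN"
    if present == {"SYN", "ACK"}:
        return "SYN-ACK"
    if "ACK" in present and not present & {"SYN", "FIN", "RST"}:
        return "ACK"
    return None


# Constructed sample: a SYN from ephemeral port 54321 to 443, data offset 6 (24 bytes),
# carrying a single MSS option (kind 2, length 4, value 1460).
SAMPLE_SYN = (struct.pack("!HHIIHHHH", 54321, 443, 1000, 0, (6 << 12) | 0x02, 65535, 0, 0)
              + b"\x02\x04\x05\xb4")
# Constructed sample: a UDP datagram to port 53 carrying a 2-byte payload.
SAMPLE_UDP = struct.pack("!HHHH", 40000, 53, 10, 0) + b"hi"

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
    print(parse_udp_header(SAMPLE_UDP))
```

Both parsers return the payload as a slice bounded by the header's own length field, which is the check that matters when the bytes come from the network rather than from a trusted source.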
HTTP
HTTP/1.0 defines GET, POST, HEAD. HTTP/1.1 adds OPTIONS, PUT, PATCH, DELETE, TRACE, CONNECT. Requests consist of a request line, headers, and optional body; responses consist of a status line, headers, and body.
Common Status Codes
1xx – informational
2xx – success (e.g., 200 OK, 204 No Content, 206 Partial Content)
3xx – redirection (e.g., 301 Moved Permanently, 302 Found)
4xx – client error (e.g., 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found)
5xx – server error (e.g., 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable)
Persistent Connections and Pipelining (HTTP/1.1)
HTTP/1.1 enables Connection: keep‑alive so multiple requests can reuse the same TCP connection. Pipelining allows a client to send several requests without waiting for each response, reducing overall latency.
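An added example (not code from the original article) of the request framing, method sets, status-code classes, and persistence rules described above: a minimal HTTP/1.1 parser that splits a buffer of pipelined requests at their Content-Length boundaries and decides whether the connection persists. The sample buffer is constructed inline and the function names are the author's own.

```python
HTTP10_METHODS = {"GET", "POST", "HEAD"}
HTTP11_METHODS = HTTP10_METHODS | {"OPTIONS", "PUT", "PATCH", "DELETE", "TRACE", "CONNECT"}
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}


def parse_request(buf: bytes):
    """Parse one request from the front of buf; return (request, bytes_consumed)."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("request head incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError("unsupported version")
    if method not in (HTTP11_METHODS if version == "HTTP/1.1" else HTTP10_METHODS):
        raise ValueError(f"{method} is not defined for {version}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()   # field names are case-insensitive
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requires a Host header")
    length = int(headers.get("content-length", "0"))
    if length < 0 or length > len(rest):
        raise ValueError("body shorter than Content-Length")
    request = {"method": method, "target": target, "version": version,
               "headers": headers, "body": rest[:length]}
    return request, len(head) + 4 + length


def parse_pipeline(buf: bytes):
    """Split a buffer holding several pipelined requests into a list, in order."""
    requests = []
    while buf:
        request, consumed = parse_request(buf)
        requests.append(request)
        buf = buf[consumed:]
    return requests


def is_persistent(request) -> bool:
    """HTTP/1.1 persists unless 'Connection: close'; HTTP/1.0 only with keep-alive."""
    conn = request["headers"].get("connection", "").lower()
    if request["version"] == "HTTP/1.1":
        return conn != "close"
    return conn == "keep-alive"


def parse_status_line(line: bytes) -> dict:
    """Decode 'HTTP/1.1 204 No Content' into version, code, reason and class."""
    parts = line.decode("iso-8859-1").rstrip("\r\n").split(" ", 2)
    if len(parts) < 2:
        raise ValueError("malformed status line")
    code = int(parts[1])
    if not 100 <= code <= 599:
        raise ValueError("status code out of range")
    return {"version": parts[0], "code": code,
            "reason": parts[2] if len(parts) == 3 else "",
            "class": STATUS_CLASSES[code // 100]}


def rejects(buf: bytes) -> bool:
    """True if the parser refuses the buffer (used to show which inputs are rejected)."""
    try:
        parse_request(buf)
    except ValueError:
        return True
    return False


# Constructed sample: three pipelined requests sent on one keep-alive connection.
SAMPLE_PIPELINE = (
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 7\r\n\r\nx=1&y=2"
    b"DELETE /item/7 HTTP/1.1\r\nHost: www.example.com\r\nConnection: close\r\n\r\n"
)

if __name__ == "__main__":
    for req in parse_pipeline(SAMPLE_PIPELINE):
        print(req["method"], req["target"], "persistent:", is_persistent(req))
```

Splitting strictly on Content-Length is what keeps pipelined requests from being mis-framed; a server that disagrees with an upstream proxy about where one request ends is the root of request-smuggling problems, so the parser rejects anything it cannot frame unambiguously.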
HTTPS
HTTPS combines HTTP with TLS/SSL to provide confidentiality, integrity, and authentication.
Client initiates a TLS handshake.
Server sends its X.509 certificate.
Client validates the certificate chain (root, intermediate, expiration, revocation).
Client generates a random pre‑master secret, encrypts it with the server’s public key, and sends it.
Server decrypts the pre‑master secret with its private key.
Both sides derive the symmetric session key and use it to encrypt application data.
Digital Certificate
Certificates bind a server’s public key to its identity, signed by a trusted Certificate Authority (CA). The client trusts the public key only if the certificate validates.
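The validation steps listed above (expiration and identity) carried out on a leaf certificate, as an added example that is not part of the original article. It uses the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns; the certificate itself is constructed and the host names in it are placeholders. Chain and signature checks are left to the TLS library, which is why the last function shows the `ssl` default context that performs them rather than reimplementing them.

```python
import ssl
import time


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match a dNSName SAN entry; a wildcard is allowed only as the whole leftmost label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    plabels, hlabels = pattern.split("."), hostname.split(".")
    if plabels[0] != "*" or len(plabels) < 3 or len(plabels) != len(hlabels):
        return False                       # no partial wildcards, no *.tld, no multi-level match
    return plabels[1:] == hlabels[1:]


def check_leaf_cert(cert: dict, hostname: str, now: float = None) -> list:
    """Return the list of problems found; an empty list means the leaf checks passed."""
    now = time.time() if now is None else now
    problems = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("not yet valid")
    if now > not_after:
        problems.append("expired")
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        problems.append("no dNSName SAN")  # CN-only certificates are not accepted
    elif not any(hostname_matches(n, hostname) for n in names):
        problems.append(f"hostname {hostname} not covered by SAN")
    return problems


def default_client_context() -> ssl.SSLContext:
    """The context a client should use: system CAs, chain verification, hostname check."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


# Constructed sample in getpeercert() shape; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Example Intermediate CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.net")),
}

if __name__ == "__main__":
    print(check_leaf_cert(SAMPLE_CERT, "www.example.com", now=1_750_000_000))
    print(check_leaf_cert(SAMPLE_CERT, "api.example.com", now=1_800_000_000))
```

Revocation (CRL or OCSP) is the one step from the list that neither this snippet nor the default context performs; it has to be added deliberately, for example by stapling on the server side.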
DNS Resolution
Clients query a local resolver, which may recursively query root, TLD, and authoritative name servers to obtain records such as A, AAAA, CNAME, MX, NS. Resolvers cache responses.
Example A Record
www.example.com. IN A 139.18.28.5
SQL Injection
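The resolver exchange above at the wire level, as an added example that is not part of the original article: a query builder and an answer parser that follows name-compression pointers and returns the A record from the page's example. The response is constructed inline (no traffic is sent) and the helper names are the author's own. The parser refuses replies whose transaction id does not match the query, which is the first of the checks a resolver makes against spoofed answers.

```python
import socket
import struct


def encode_name(name: str) -> bytes:
    """DNS label form: each label prefixed by its length, then a zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qid: int, qtype: int = 1) -> bytes:
    """Standard recursive query (RD=1) for one name; qtype 1 = A, class 1 = IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg: bytes, offset: int):
    """Decode a name at offset, following compression pointers; return (name, next_offset)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 2-byte pointer with a 14-bit offset
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                        # reading resumes after the first pointer
            jumped, hops, offset = True, hops + 1, pointer
            if hops > 16 or pointer >= len(msg):
                raise ValueError("bad compression pointer")  # bounds pointer loops
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_a_response(msg: bytes, expected_id: int):
    """Return [(name, ipv4, ttl)] from the answer section of a response to our query."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if qid != expected_id:
        raise ValueError("transaction id does not match our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned rcode {flags & 0xF}")
    off = 12
    for _ in range(qdcount):                       # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4                                   # qtype + qclass
    records = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((name, socket.inet_ntoa(rdata), ttl))
    return records


def constructed_response(qid: int, name: str, ipv4: str, ttl: int = 3600) -> bytes:
    """Constructed sample reply (not captured traffic): one A record whose owner name
    is a compression pointer (0xC00C) back to the question name at offset 12."""
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ipv4)
    return struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0) + question + answer


if __name__ == "__main__":
    reply = constructed_response(0x1234, "www.example.com", "139.18.28.5")
    print(parse_a_response(reply, 0x1234))
```

The 16-bit transaction id alone is a weak check; resolvers also randomize the source port and, where the zone is signed, validate DNSSEC signatures, since an attacker who can guess both id and port can inject a cached answer.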
Attackers embed malicious SQL in input fields. Example payload for a login form:
Username: ' or 1=1 --
Password:
When concatenated into a query, the condition "or 1=1" always evaluates to true, bypassing authentication.
Mitigation: use prepared statements (parameter binding) or ORM frameworks that separate data from code.
Encryption Algorithms
Symmetric algorithms (same key for encryption/decryption) include DES, 3DES, AES. Asymmetric algorithms (public/private key pair) include RSA, DSA. Hash functions (no key) include SHA‑1, MD5.
Symmetric Encryption Example
Plaintext + secret key → encrypt → ciphertext. Receiver uses the same key to decrypt back to plaintext.
Asymmetric Encryption Example
Sender encrypts data with receiver’s public key → only receiver can decrypt with private key.
Sender signs data by encrypting a hash with its private key; receiver verifies with sender’s public key.
Digital Signatures
Signatures provide integrity and non‑repudiation. Process: hash the message, encrypt the hash with the sender’s private key (signature), send both. Receiver hashes the received message, decrypts the signature with the sender’s public key, and compares hashes.
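The sign-and-verify process just described, carried out with textbook RSA and SHA-256, as an added example that is not part of the original article. To stay dependency-free and deterministic it uses two publicly known Mersenne primes as the key, which makes the key worthless for real use; it also omits the padding (PSS or PKCS#1 v1.5) that a real signature scheme applies to the hash before the private-key operation. The function names are the author's own.

```python
import hashlib
import math

# Public, well-known primes used only so the example needs no key generation.
# A real key uses secret random primes of at least 1024 bits each.
P = (1 << 521) - 1      # Mersenne prime M521
Q = (1 << 607) - 1      # Mersenne prime M607
N = P * Q               # public modulus (about 1128 bits, comfortably above a 256-bit hash)
E = 65537               # public exponent
PHI = (P - 1) * (Q - 1)
assert math.gcd(E, PHI) == 1
D = pow(E, -1, PHI)     # private exponent (modular inverse; Python 3.8+)


def digest_as_int(message: bytes) -> int:
    """Step 1 of the process: hash the message and treat the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Step 2: apply the private key to the hash; the result is the signature."""
    return pow(digest_as_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: apply the public key to the signature and compare with a fresh hash."""
    if not 0 < signature < N:
        return False
    return pow(signature, E, N) == digest_as_int(message)


if __name__ == "__main__":
    msg = b"transfer 10 units to account 42"   # constructed sample message
    sig = sign(msg)
    print("valid:", verify(msg, sig))
    print("tampered message:", verify(b"transfer 99 units to account 42", sig))
```

The comparison at the end is what gives integrity: any change to the message changes the hash, and without the private key nobody can produce a signature that maps back to the new hash. Non-repudiation follows from the private key being held only by the signer.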
Common Web Attacks and Mitigations
XSS (reflected or stored): inject malicious scripts. Mitigate by output encoding and Content‑Security‑Policy.
CSRF : trick a logged‑in user into sending unwanted requests. Mitigate with anti‑CSRF tokens and SameSite cookies.
DoS/DDoS : overwhelm a service. Mitigate with firewalls, SYN‑cookies, rate limiting, and reducing SYN‑half‑open timeout.
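The XSS and CSRF mitigations named above, as an added example that is not code from the original article: output encoding for untrusted text placed into an HTML body, a Content-Security-Policy header value, an anti-CSRF token bound to the session with an HMAC and compared in constant time, and a cookie attribute line with SameSite. The per-process secret, header values and function names are the author's own assumptions.

```python
import hashlib
import hmac
import html
import secrets

# Constructed per-process secret; a deployment keeps this in a managed secret store.
SERVER_SECRET = secrets.token_bytes(32)

CSP_HEADER = ("Content-Security-Policy: default-src 'self'; script-src 'self'; "
              "object-src 'none'; base-uri 'none'")


def render_comment(user_text: str) -> str:
    """Output-encode untrusted text for HTML body context; quotes too, in case the same
    helper is later used inside an attribute value."""
    return f'<p class="comment">{html.escape(user_text, quote=True)}</p>'


def csrf_token(session_id: str) -> str:
    """Token derived from the session id, so a token stolen from one session is useless
    in another and the server needs no per-token storage."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, submitted: str) -> bool:
    """Constant-time comparison avoids leaking how many leading characters matched."""
    return hmac.compare_digest(csrf_token(session_id), submitted)


def session_cookie_header(name: str, value: str) -> str:
    """Secure + HttpOnly + SameSite=Lax: not sent over plain HTTP, not readable by script,
    and not attached to cross-site POSTs."""
    return f"Set-Cookie: {name}={value}; Secure; HttpOnly; SameSite=Lax; Path=/"


def handle_state_change(session_id: str, form: dict) -> str:
    """A state-changing POST handler: reject the request unless the token matches."""
    if not csrf_token_valid(session_id, form.get("csrf_token", "")):
        return "403 Forbidden"
    return "200 OK"


if __name__ == "__main__":
    print(render_comment('<script>alert(1)</script>'))     # constructed test input
    sid = "session-abc"
    print(handle_state_change(sid, {"csrf_token": csrf_token(sid)}))
    print(handle_state_change(sid, {}))
    print(session_cookie_header("sid", sid))
```

Output encoding must match the context (HTML body, attribute, JavaScript, URL); `html.escape` covers the first two, and CSP limits the damage if an encoding is ever missed. SameSite=Lax stops the cookie riding along on cross-site POSTs, while the token defends browsers and flows where SameSite does not apply.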
TCP Handshake Details
Step 1 – SYN : Client sends SYN=1 with initial sequence seq=j and enters SYN_SENT.
Step 2 – SYN‑ACK : Server replies with SYN=1, ACK=1, ack=j+1, and its own sequence seq=k, entering SYN_RCVD.
Step 3 – ACK : Client acknowledges with ACK=1, ack=k+1. Both sides reach ESTABLISHED and can exchange data.
TCP Connection Teardown
Client sends FIN → FIN_WAIT_1.
Server replies ACK → client enters FIN_WAIT_2.
Server sends its own FIN → LAST_ACK (on the server).
Client replies ACK → TIME_WAIT (2 MSL) then CLOSED.
Flow and Congestion Control
TCP uses rwnd (receiver window) for flow control and cwnd (congestion window) for congestion control. The effective send window is min(rwnd, cwnd).
Slow Start : start with cwnd=1 MSS and double each RTT until ssthresh is reached.
Congestion Avoidance : increase cwnd linearly (by 1 MSS per RTT) after ssthresh.
Fast Retransmit : on three duplicate ACKs, retransmit the missing segment without waiting for RTO.
Fast Recovery : set cwnd = ssthresh + 3 MSS after fast retransmit, then resume congestion avoidance.
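The window arithmetic from the flow and congestion control passages above, traced one RTT at a time, as an added example that is not part of the original article. The simulation follows the article's simplified description (slow start doubles until ssthresh, congestion avoidance adds one MSS per RTT, three duplicate ACKs halve ssthresh and set cwnd = ssthresh + 3 MSS, a timeout resets to one MSS); the event names and function names are the author's own.

```python
def send_window(rwnd: int, cwnd: int) -> int:
    """Effective send window: the receiver's advertised window or cwnd, whichever is smaller."""
    return min(rwnd, cwnd)


def simulate_reno(events, ssthresh: int = 16, mss: int = 1):
    """Per-RTT trace of cwnd/ssthresh. Events:
       'ack'     a full RTT of new acknowledgments
       'dup3'    three duplicate ACKs (fast retransmit + fast recovery)
       'timeout' retransmission timer expired
    Returns [(event, cwnd, ssthresh), ...] in MSS units."""
    cwnd = 1 * mss
    history = []
    for event in events:
        if event == "ack":
            if cwnd < ssthresh:
                cwnd = min(cwnd * 2, ssthresh)     # slow start: exponential, capped at ssthresh
            else:
                cwnd += mss                         # congestion avoidance: linear
        elif event == "dup3":
            ssthresh = max(cwnd // 2, 2 * mss)      # halve, never below 2 MSS
            cwnd = ssthresh + 3 * mss               # fast recovery as described in the text
        elif event == "timeout":
            ssthresh = max(cwnd // 2, 2 * mss)
            cwnd = 1 * mss                          # back to slow start
        else:
            raise ValueError(f"unknown event {event!r}")
        history.append((event, cwnd, ssthresh))
    return history


if __name__ == "__main__":
    trace = simulate_reno(["ack"] * 6 + ["dup3", "ack", "timeout", "ack"])
    for step in trace:
        print("%-8s cwnd=%2d ssthresh=%2d" % step)
```

The distinction the trace makes visible is why a single lost segment (three duplicate ACKs) costs far less throughput than a timeout: the former keeps the pipe half full, the latter empties it.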
Socket API
A socket abstracts the TCP/IP stack for applications. It provides system calls such as socket(), bind(), listen(), accept(), connect(), send(), and recv().
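The listed calls in order, as an added example that is not code from the original article: a loopback echo server and client in one process. The server thread does socket(), bind(), listen(), accept() and recv()/sendall(); the client connects, sends, then half-closes with a FIN so the server sees end-of-stream and closes in turn. Port 0 asks the kernel for a free port; the function names are the author's own.

```python
import socket
import threading


def echo_server(listener: socket.socket, connections: int = 1) -> None:
    """Accept a fixed number of connections and echo each byte stream back until EOF."""
    for _ in range(connections):
        conn, _addr = listener.accept()          # blocks until the client's handshake completes
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:                     # b"" means the peer sent FIN
                    break
                conn.sendall(data)


def echo_roundtrip(message: bytes, timeout: float = 5.0) -> bytes:
    """Start a server on 127.0.0.1:<ephemeral>, send message, return what came back."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))              # bind to loopback only; port 0 = pick one
    listener.listen(1)
    port = listener.getsockname()[1]
    server = threading.Thread(target=echo_server, args=(listener,), daemon=True)
    server.start()

    chunks = []
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as client:
        client.sendall(message)
        client.shutdown(socket.SHUT_WR)          # send FIN: we are done writing, still reading
        while True:
            chunk = client.recv(4096)
            if not chunk:                        # server closed after echoing everything
                break
            chunks.append(chunk)
    server.join(timeout)
    listener.close()
    return b"".join(chunks)


if __name__ == "__main__":
    print(echo_roundtrip(b"ping over loopback"))
```

Binding to 127.0.0.1 rather than 0.0.0.0 is the habit worth keeping from this snippet: a test or admin service bound to all interfaces is reachable from the network whether or not anyone intended it.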
Ping (ICMP Echo)
Ping sends an ICMP Echo Request to a target IP and measures the round‑trip time when an Echo Reply is received. It uses the IP layer to route the packet and ARP (if needed) to resolve the target’s MAC address.
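The Echo Request described above built byte for byte, together with the Internet checksum that IP, ICMP, TCP and UDP all share, as an added example that is not part of the original article. Nothing is sent: transmitting ICMP needs a raw socket and the privileges that go with it, so the block stops at building and checking packets. Identifier, sequence and payload values are constructed and the function names are the author's own.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                          # pad an odd trailing byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(identifier: int, sequence: int, payload: bytes = b"") -> bytes:
    """ICMP type 8, code 0; identifier/sequence let the sender pair replies with requests."""
    header = struct.pack("!BBHHH", 8, 0, 0, identifier, sequence)   # checksum field zeroed
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, checksum, identifier, sequence) + payload


def parse_echo(packet: bytes) -> dict:
    """Decode an Echo Request (type 8) or Echo Reply (type 0); reject a bad checksum."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _checksum, identifier, sequence = struct.unpack("!BBHHH", packet[:8])
    if internet_checksum(packet) != 0:           # summing over the stored checksum yields 0
        raise ValueError("ICMP checksum mismatch")
    kind = {8: "echo-request", 0: "echo-reply"}.get(icmp_type)
    if kind is None or code != 0:
        raise ValueError(f"not an echo message: type {icmp_type} code {code}")
    return {"type": kind, "id": identifier, "seq": sequence, "payload": packet[8:]}


def reply_matches(request: bytes, reply: bytes) -> bool:
    """What ping checks when a reply arrives: same identifier, sequence and payload."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (rep["type"] == "echo-reply" and req["id"] == rep["id"]
            and req["seq"] == rep["seq"] and req["payload"] == rep["payload"])


if __name__ == "__main__":
    pkt = build_echo_request(0x1234, 1, b"abcdefgh")    # constructed sample values
    print(pkt.hex())
    print(parse_echo(pkt))
```

The checksum protects only against accidental corruption; it is trivially recomputed by anyone who modifies the packet, so it is not an integrity mechanism in the security sense, which is why the page reserves that role for TLS and signatures.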
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)