Understanding the OSI and TCP/IP Models: A Complete Guide to Network Layers

Preface

How is the Internet constructed and how does it work? Why do interviewers often ask about TCP/IP? Computer networking is the foundation of the IT industry and an essential topic for engineers.

Network Layered Architecture

Computer networks follow a strict layered design, which isolates problems, improves flexibility, eases implementation and maintenance, and promotes standardization.

Layer isolation

Good flexibility

Easy implementation and maintenance

Facilitates standardization

Standardization is key to the global Internet; without common protocols, hardware incompatibilities would be disastrous.

The two mainstream layered models are:

OSI (Open Systems Interconnection) model – the classic seven‑layer model.

TCP/IP model – a four‑layer model (sometimes described as five layers) named after its core protocols.

The OSI model was intended as a universal standard, but its design proved too idealistic. The already widespread TCP/IP suite became the de‑facto international standard.

TCP/IP Network Model

Note: While the layered architecture is abstract, its implementation is concrete.

The diagram shows how HTTP application data flows through the layers from top to bottom.

Application layer carries the actual HTTP data.

The data is handed to the transport layer, where a TCP header is added, forming a segment.

The segment is passed to the network layer, which adds an IP header, creating a packet.

The packet reaches the data‑link layer, where an Ethernet header creates a frame.

The frame is finally transmitted by the physical layer as binary signals.

The process of adding headers is called encapsulation ; removing them is decapsulation .

Physical Layer

The physical medium connects devices (cables, fiber, radio). It determines distance, bandwidth, speed, and interference resistance.

Specifies electrical, mechanical, and functional requirements between endpoints.

Defines frequency, rate, maximum distance, and connector types.

Result: any standard network cable can plug into any brand of computer.

Data‑Link Layer

This layer groups raw bits into frames and assigns meaning. Ethernet dominates this layer.

Ethernet frames consist of a 14‑byte header (destination MAC, source MAC, type), payload (46‑1500 bytes), and a 4‑byte CRC trailer.

MAC Address

Each network interface card (NIC) has a globally unique 6‑byte MAC address, e.g., 00:01:6C:06:A6:29. The first three bytes identify the vendor (assigned by IEEE); the last three are the device’s serial number.

Ethernet uses broadcast: a frame is sent to all hosts on the local network; each host checks the destination MAC and accepts the frame only if it matches its own MAC.

Switches operate at this layer to forward frames efficiently.

Network Layer

MAC addresses work only within a local subnet. To reach other subnets, IP addresses are used.

IP Protocol

IP encapsulates transport‑layer segments into packets. An IP header is 20 bytes; the payload can be up to 65 515 bytes. If a packet exceeds the maximum frame size (1500 bytes), it is fragmented.

Version : IPv4 or IPv6.

Header Length : length of the IP header.

Type of Service : priority, delay, throughput, reliability.

Total Length : total packet size.

Identification : unique ID for fragmentation.

Flags : indicate fragmentation.

Fragment Offset : order of fragments.

TTL : limits how many routers a packet can traverse.

Protocol : indicates the encapsulated transport protocol (TCP, UDP, etc.).

Header Checksum : error detection for the header.

Source Address and Destination Address .

IP addresses are logical identifiers divided into network and host portions by a subnet mask, enabling easy subnetting.

ARP Protocol

ARP maps IP addresses to MAC addresses. A host broadcasts an ARP request containing the target IP; the owner of that IP replies with its MAC address. ARP caches these mappings locally.

Routing Protocols

Routers run routing protocols to forward packets between subnets, overcoming the broadcast limitation of ARP.

Transport Layer

Transport provides end‑to‑end communication between processes using ports. The two main protocols are TCP (reliable) and UDP (unreliable).

TCP Protocol

TCP offers reliable, connection‑oriented byte‑stream delivery. It uses a three‑way handshake to establish a connection and a four‑way handshake to terminate it.

Sequence Number

Acknowledgment Number

Offset

Reserved

Flags (CWR, ECE, URG, ACK, PSH, RST, SYN, FIN)

Window size

Checksum

Urgent Pointer

Three‑way handshake steps: SYN, SYN‑ACK, ACK. Four‑way termination steps: FIN, ACK, FIN, ACK.

UDP Protocol

UDP provides connection‑less, best‑effort delivery with a minimal header (source port, destination port, length, checksum).

Application Layer

The application layer defines how data is presented to users and includes protocols such as HTTP, FTP, SMTP, etc. For example, HTTP specifies request and response header fields like Content‑Type and Accept.

Application developers can use these protocols without needing to understand lower‑layer details.

Conclusion

Physical layer: transmits raw bits over a medium.

Data‑link layer: uses MAC addresses to locate hosts within a local network.

Network layer: uses IP addresses to locate hosts across subnets.

Transport layer: uses ports to locate processes on a host.

Application layer: provides services to end‑user applications.

Core protocol family :