OSI Model – All 7 Layers Explained

1. What Is the OSI Model?

The OSI (Open Systems Interconnection) Model is a conceptual framework developed by the ISO (International Organization for Standardization) in 1984 that divides network communication into seven distinct layers. Each layer has a specific role, communicates only with the layers directly above and below it, and hands off a well-defined unit of data (a PDU — Protocol Data Unit) as it passes through the stack.

The OSI model does not define specific protocols — it is a reference model used to understand, design, and troubleshoot network systems. Real-world networking is governed by the TCP/IP model, but the OSI model remains the universal language network engineers use when diagnosing problems.

  OSI Layer Stack                 Data Unit (PDU)    Direction
  -------------------------------- ----------------  ---------
  Layer 7 | Application          | Data             ^
  Layer 6 | Presentation         | Data             | Decapsulation
  Layer 5 | Session              | Data             | (receiving)
  Layer 4 | Transport            | Segment          |
  Layer 3 | Network              | Packet           |
  Layer 2 | Data Link            | Frame            |
  Layer 1 | Physical             | Bits             v Encapsulation (sending)

Mnemonic (top to bottom): "All People Seem To Need Data Processing" (Application, Presentation, Session, Transport, Network, Data Link, Physical)

Mnemonic (bottom to top): "Please Do Not Throw Sausage Pizza Away" (Physical, Data Link, Network, Transport, Session, Presentation, Application)

Related pages: TCP/IP Model | Layer Functions | MAC Addresses | IP Addressing | Frame Forwarding (L2) | Ethernet Standards (L1) | VLANs (L2) | STP (L2) | Ping | Traceroute

2. Why the OSI Model Matters

  • Interoperability: Defines standard interfaces so hardware and software from different vendors can communicate — a Cisco router can talk to a Juniper router because they both implement the same Layer 3 standards
  • Troubleshooting: Lets engineers isolate problems to a specific layer — a cable fault is a Layer 1 issue, a MAC address conflict is Layer 2, a routing problem is Layer 3
  • Protocol design: Protocols are written to operate at specific layers with defined inputs and outputs, making them modular and replaceable
  • Exam currency: The OSI model is referenced throughout CCNA and all other networking certifications as the common framework for discussing network behaviour

3. Quick-Reference: All 7 Layers

Layer # PDU Name Key Functions Key Protocols Key Devices
Application 7 Data Network services to end-user applications HTTP, HTTPS, FTP, SMTP, DNS, DHCP, SNMP, Telnet, SSH Application servers, browsers, email clients
Presentation 6 Data Data translation, encryption, compression SSL/TLS, JPEG, MPEG, ASCII, Unicode, GIF Encryption/decryption engines (software)
Session 5 Data Session setup, management, termination, checkpoints NetBIOS, RPC, SMB, NFS, SIP (session component) APIs, session management software
Transport 4 Segment (TCP) / Datagram (UDP) End-to-end delivery, segmentation, flow control, error recovery TCP, UDP, SCTP Firewalls (stateful), load balancers
Network 3 Packet Logical addressing, routing between networks IPv4, IPv6, ICMP, OSPF, EIGRP, RIP, BGP, ARP* Routers, Layer 3 switches, firewalls
Data Link 2 Frame Node-to-node delivery, MAC addressing, error detection Ethernet (802.3), Wi-Fi (802.11), PPP, VLAN (802.1Q), STP Switches, bridges, NICs, WAPs
Physical 1 Bit Transmission of raw bits over a physical medium Ethernet physical (1000BASE-T), DSL, USB, Bluetooth (physical) Cables, hubs, repeaters, transceivers, NICs (physical)
*ARP is commonly described as operating between Layers 2 and 3 — it uses Layer 3 IP addresses to resolve Layer 2 MAC addresses.

4. Layer-by-Layer Deep Dive

Layer 1 — Physical Layer

The Physical Layer is responsible for the actual transmission of raw binary data (bits) across a physical medium. It defines the electrical, optical, radio, and mechanical characteristics of the transmission medium — voltage levels, cable types, connector pinouts, bit timing, and signal encoding.

AttributeDetails
PDUBit (1s and 0s)
ResponsibilitiesSignal encoding/decoding, bit synchronisation, physical topology (bus/star/ring), duplex settings (half/full)
TechnologiesEthernet copper (Cat5e/Cat6/Cat6a), fibre optic (single-mode/multi-mode), Wi-Fi radio (2.4/5/6 GHz), DSL, coaxial — see Ethernet Standards
DevicesCables, connectors (RJ-45), hubs, repeaters, transceivers (SFP/QSFP), signal amplifiers
TroubleshootingBroken/bent cable, wrong cable type (straight vs crossover), bad SFP transceiver, duplex mismatch, incorrect cable distance
Real-world example: A user reports no network connectivity. Layer 1 check: is the cable physically plugged in? Does the link LED on the switch port light up? Replace the cable and test.

Layer 2 — Data Link Layer

The Data Link Layer packages raw bits into frames and manages node-to-node delivery within a single network segment. It uses MAC addresses (hardware addresses burned into NICs) to identify source and destination on the local network, and provides error detection via the FCS (Frame Check Sequence) trailer.

AttributeDetails
PDUFrame
Sub-layersLLC (Logical Link Control) — error checking, flow control; MAC (Media Access Control) — addressing, media access
AddressingMAC addresses (48-bit / 6-byte hardware addresses, e.g., AA:BB:CC:11:22:33)
ProtocolsEthernet (IEEE 802.3), Wi-Fi (802.11), PPP, VLAN tagging (802.1Q), STP (802.1D), LACP (802.3ad)
DevicesSwitches (build MAC address tables), bridges, wireless access points, network interface cards
TroubleshootingMAC address conflicts, duplicate MACs, STP loop, VLAN mismatch, native VLAN mismatch, CRC errors in frame — see Port Security
Real-world example: A switch uses its MAC address table to forward a frame to the correct port. If the destination MAC is unknown, it floods the frame out all ports — a Layer 2 decision.

Layer 3 — Network Layer

The Network Layer provides logical addressing (IP addresses) and routing — the ability to deliver packets between devices on different networks. While Layer 2 handles delivery within a single LAN segment, Layer 3 handles delivery across multiple networks (inter-network routing).

AttributeDetails
PDUPacket
AddressingIPv4 (32-bit, e.g., 192.168.1.1) and IPv6 (128-bit, e.g., 2001:db8::1)
ProtocolsIPv4, IPv6, ICMP (ping/traceroute), OSPF, EIGRP, RIP, BGP
DevicesRouters, Layer 3 switches, firewalls (packet filtering)
Key conceptRouters make forwarding decisions based on the destination IP address and their routing table (longest-prefix match)
TroubleshootingMissing routes, incorrect subnet masks, routing protocol failures, wrong default gateway
Real-world example: John's PC (192.168.1.10) pings a server at 10.0.0.5. The router at Layer 3 receives the packet, looks up 10.0.0.0/24 in its routing table, and forwards the packet out the correct interface toward the destination network.

Layer 4 — Transport Layer

The Transport Layer provides end-to-end communication between applications on different hosts. It segments large data into smaller pieces, manages flow control, provides error recovery (TCP), and uses port numbers to identify which application process should receive each segment.

AttributeDetails
PDUSegment (TCP) or Datagram (UDP)
ProtocolsTCP (Transmission Control Protocol) — reliable, connection-oriented; UDP (User Datagram Protocol) — fast, connectionless
AddressingPort numbers (0–65535): well-known (0–1023), registered (1024–49151), ephemeral/dynamic (49152–65535) — see Common Port Numbers
TCP features3-way handshake (SYN/SYN-ACK/ACK), sequencing, acknowledgements, retransmission, flow control (sliding window), congestion control
UDP featuresNo connection setup, no acknowledgement, no retransmission — low overhead, ideal for real-time traffic
TroubleshootingPort blocked by firewall, TCP retransmission storms, UDP packet loss in VoIP, wrong source/destination ports
TCP vs UDP comparison: A web page download (HTTP) uses TCP — every segment must arrive in order and be acknowledged; a missing piece retransmits. A VoIP call uses UDP — a dropped packet is simply skipped rather than replayed late; low latency matters more than perfection.

Layer 5 — Session Layer

The Session Layer manages sessions — the logical connections (dialogues) between two applications. It establishes, maintains, and terminates communication sessions, and can insert checkpoints into data streams so a session can be resumed from the last checkpoint if interrupted rather than restarting from scratch.

AttributeDetails
PDUData
ProtocolsNetBIOS, RPC (Remote Procedure Call), SMB (Server Message Block), NFS, SIP (session establishment), H.323
Key functionsSession establishment (before data exchange), session maintenance (ongoing), session termination (graceful close), checkpointing (resuming after failure)
Real-world noteIn modern TCP/IP implementations, session functionality is largely handled by TCP (Layer 4) and application protocols. The Session Layer is less distinct in practice.
Real-world example: When you open multiple browser tabs to the same website, the Session Layer (implemented within the application) keeps each tab's conversation separate — each has its own session context.

Layer 6 — Presentation Layer

The Presentation Layer is the translator of the OSI model. It converts data between the format used by the application and a standardised network format, ensuring that data produced by one system can be understood by another. It also handles encryption/decryption and compression/decompression.

AttributeDetails
PDUData
Data translationCharacter encoding (ASCII, Unicode, EBCDIC), data format conversion (JSON ↔ XML)
EncryptionSSL/TLS (encrypts data before it leaves the application — HTTPS uses TLS at this layer)
CompressionJPEG (images), MPEG (video), MP3 (audio), gzip (HTTP compression)
Real-world noteLike Session, the Presentation Layer's functions are often embedded directly in application-layer protocols in real TCP/IP stacks.
Real-world example: When you visit https://netstuts.com, your browser and the web server negotiate TLS (Layer 6 encryption). All data transmitted is encrypted before being handed to TCP/IP. The browser also decompresses gzip-encoded HTTP responses at this layer.

Layer 7 — Application Layer

The Application Layer is the topmost layer and the one users interact with directly — it provides the interface between network services and user applications. It does not include the application software itself (e.g., Chrome is not an OSI layer), but rather the protocols those applications use to communicate over the network.

AttributeDetails
PDUData
WebHTTP (port 80), HTTPS (port 443)
EmailSMTP (port 25/587), IMAP (port 143/993), POP3 (port 110/995)
File transferFTP (ports 20/21), SFTP (port 22), TFTP (port 69)
Name resolutionDNS (port 53 UDP/TCP)
Network managementSNMP (ports 161/162 UDP), SSH (port 22), Telnet (port 23)
Address assignmentDHCP (ports 67/68 UDP)
Real-world example: When you type netstuts.com in your browser, DNS (Layer 7) resolves the name to an IP address, then HTTP/HTTPS (Layer 7) requests the web page. All of this happens before a single byte of actual web content travels over the network.

5. Encapsulation and Decapsulation

Encapsulation is the process by which each layer adds its own header (and sometimes trailer) as data travels down the OSI stack on the sending device. Decapsulation is the reverse — each layer removes its header as data travels up the stack on the receiving device.

Encapsulation — Sending a Web Page Request

  Layer 7 Application    HTTP request: "GET /index.html HTTP/1.1"
                                 |
                         [HTTP Header | Data]
                                 |
  Layer 4 Transport      TCP adds: source port 49152, dest port 80, seq/ack
                         [TCP Header | HTTP Header | Data]           = Segment
                                 |
  Layer 3 Network        IP adds: src IP 192.168.1.10, dst IP 93.184.216.34
                         [IP Header | TCP Header | HTTP Header | Data] = Packet
                                 |
  Layer 2 Data Link      Ethernet adds: src MAC, dst MAC, FCS trailer
                   [Eth Header | IP Header | TCP Header | HTTP Header | Data | FCS] = Frame
                                 |
  Layer 1 Physical       Convert frame to electrical/optical/radio signal
                         10101001 01101101 ... (Bits transmitted on wire)

Decapsulation — Receiving the Frame

At the destination server, the process reverses:

  1. Layer 1: Physical signal received and converted back to bits
  2. Layer 2: Ethernet header examined — destination MAC matches, FCS checked for errors, Ethernet header stripped → passes Packet to Layer 3
  3. Layer 3: IP header examined — destination IP matches, IP header stripped → passes Segment to Layer 4
  4. Layer 4: TCP header examined — port 80 directs to the web server process, TCP header stripped → passes Data to Layer 7
  5. Layer 7: HTTP data delivered to the web server application

PDU Names at Each Layer

OSI LayerPDU NameWhat's Been Added
7 – ApplicationDataApplication payload (HTTP, DNS query, etc.)
6 – PresentationDataFormat/encryption applied to data
5 – SessionDataSession context information
4 – TransportSegment (TCP) / Datagram (UDP)+ Source/destination port numbers, seq/ack (TCP)
3 – NetworkPacket+ Source/destination IP addresses, TTL
2 – Data LinkFrame+ Source/destination MAC addresses, FCS trailer
1 – PhysicalBitsBits transmitted as electrical/optical/radio signals

6. OSI Model vs TCP/IP Model

The TCP/IP model is the practical model actually used by the internet and modern networks. It was developed before the OSI model and collapses several OSI layers into four (or five, depending on the version used).

OSI LayerTCP/IP Layer (4-layer)TCP/IP Layer (5-layer)Key Protocols
7 – ApplicationApplicationApplicationHTTP, HTTPS, FTP, DNS, DHCP, SMTP, SSH, Telnet, SNMP
6 – PresentationSSL/TLS, JPEG, MPEG, ASCII
5 – SessionNetBIOS, RPC, SMB
4 – TransportTransportTransportTCP, UDP
3 – NetworkInternetInternetIPv4, IPv6, ICMP, OSPF, BGP
2 – Data LinkNetwork Access / LinkData LinkEthernet, 802.11 Wi-Fi, PPP, 802.1Q
1 – PhysicalPhysicalCables, hubs, radio signals

The key differences: TCP/IP collapses OSI Layers 5, 6, and 7 into a single Application layer. TCP/IP merges (or separately identifies) Layers 1 and 2 as Network Access / Link / Physical. TCP/IP is a working model; OSI is a theoretical reference model.

7. Troubleshooting by OSI Layer

The OSI model's greatest practical value is in systematic troubleshooting. Engineers typically work from Layer 1 upward (bottom-up approach) or from Layer 7 downward (top-down approach), isolating the problem at its exact layer.

LayerCommon ProblemsDiagnostic Tools & Commands
L1 PhysicalCable unplugged, damaged cable, wrong cable type, duplex mismatch, bad SFPCheck link LEDs, cable tester, show interfaces (check for errors/input errors)
L2 Data LinkMAC address conflict, STP loop, VLAN mismatch, native VLAN mismatch, CRC errorsshow mac address-table, show interfaces trunk, show spanning-tree
L3 NetworkMissing route, wrong default gateway, incorrect subnet mask, routing protocol failureping, traceroute, show ip route, show ip ospf neighbor
L4 TransportPort blocked by firewall/ACL, TCP handshake failure, wrong port number in application configtelnet <ip> <port> (test TCP connectivity), show access-lists, packet capture
L5 SessionSession timeout, session limit exceeded, authentication failureApplication logs, session table on firewall
L6 PresentationTLS certificate expired, SSL version mismatch, character encoding errorBrowser security warnings, openssl s_client, application error logs
L7 ApplicationWeb server down, DNS resolution failure, incorrect URL, application misconfigurationnslookup, dig, curl -v, browser developer tools
Troubleshooting Scenario: A user can't access a web server.
1. Can you ping the server's IP? → Yes = Layers 1–3 are OK
2. Can you telnet <server-ip> 443? → Yes = Layer 4 TCP port is open
3. Does the browser show a certificate error? → Layer 6 TLS/certificate issue
4. Does the browser show "404 Not Found"? → Layer 7 application issue (wrong URL / server config)

8. End-to-End Example: Sending an Email

John sends an email from his laptop to a colleague. Here is the full OSI journey:

LayerWhat Happens
7 ApplicationJohn's email client uses SMTP to compose the message and connect to the mail server on port 587
6 PresentationThe message body is encoded (UTF-8), attachments are Base64-encoded; TLS encrypts the connection
5 SessionAn SMTP session is established between John's client and the mail server — the session manages the command/response dialogue
4 TransportTCP segments the email data; source port (e.g., 51234) and destination port 587 identify the SMTP process; TCP ensures reliable delivery
3 NetworkIPv4 packet created with John's IP (192.168.1.10) as source and the mail server's IP as destination; router forwards toward destination
2 Data LinkEthernet frame created with source and destination MAC addresses; switch forwards frame based on MAC address table
1 PhysicalFrame converted to electrical signals (Cat6 cable) or radio waves (Wi-Fi) and physically transmitted to the next hop

OSI Model Quiz

1. What is the primary function of the Physical Layer (Layer 1)?

Correct answer is D. The Physical Layer defines and transmits raw binary data as electrical signals (copper), light pulses (fibre optic), or radio waves (Wi-Fi). It deals with voltage levels, cable specifications, connector pinouts, bit timing, and signal encoding — everything below the frame structure. Devices at this layer include cables, hubs, repeaters, and transceivers.

2. Which devices operate primarily at the Data Link Layer (Layer 2)?

Correct answer is C. Switches and bridges operate at Layer 2. They build MAC address tables by learning the source MAC address of every frame received, and use those tables to forward frames only to the correct destination port — rather than flooding to all ports. VLANs, STP, and Ethernet are all Layer 2 technologies.

3. What is the main responsibility of the Network Layer (Layer 3)?

Correct answer is A. The Network Layer assigns logical IP addresses and is responsible for routing packets across multiple networks. Routers make Layer 3 forwarding decisions based on the destination IP address and the routing table. Key protocols include IPv4, IPv6, ICMP (used by ping and traceroute), OSPF, EIGRP, and BGP.

4. Which protocols operate at the Transport Layer (Layer 4) and what distinguishes them?

Correct answer is B. TCP and UDP are the two Transport Layer protocols. TCP provides reliable, ordered, connection-oriented delivery using a 3-way handshake, sequence numbers, acknowledgements, and retransmission. UDP provides fast, connectionless delivery with no guarantees — used for real-time applications like VoIP and video streaming where speed matters more than perfection. Both use port numbers to direct traffic to the correct application.

5. What is the key function of the Session Layer (Layer 5)?

Correct answer is D. The Session Layer sets up (establishes), maintains, and terminates logical dialogues (sessions) between two applications. It separates different conversations — for example, keeping multiple browser tabs to the same server distinct. It also supports checkpointing, allowing a session to resume from the last checkpoint after a failure rather than restarting entirely. Protocols: NetBIOS, RPC, SMB.

6. Which of the following is a responsibility of the Presentation Layer (Layer 6)?

Correct answer is C. The Presentation Layer translates data between the format used by the application and a standardised network format. It handles character encoding (ASCII/Unicode), data format conversion, encryption (SSL/TLS for HTTPS), and compression (JPEG for images, MPEG for video, gzip for HTTP). This ensures data produced by one system is understandable to another even if they use different internal formats.

7. Which OSI layer interfaces directly with user applications and provides network services to them?

Correct answer is B. The Application Layer (Layer 7) is the topmost layer and provides the interface between network services and user software. It contains the protocols applications use to communicate — HTTP/HTTPS for web, SMTP/IMAP for email, DNS for name resolution, FTP for file transfer, SSH for secure management. Note: the Application Layer is the protocol, not the application itself (Chrome is not an OSI layer).

8. What is encapsulation in the OSI model context?

Correct answer is A. Encapsulation is the process of wrapping data with layer-specific headers (and sometimes trailers) as it travels down the OSI stack on the sending device. Layer 7 starts with application data, Layer 4 adds TCP/UDP header, Layer 3 adds IP header, Layer 2 adds Ethernet header + FCS trailer, Layer 1 transmits as bits. Decapsulation is the reverse process at the receiving end — each layer strips its own header as data travels up the stack.

9. A network engineer pings a remote server successfully but cannot access its web service on port 443. At which OSI layer is the problem most likely located?

Correct answer is C. A successful ping proves Layers 1, 2, and 3 are working (ICMP Echo Request/Reply travels end-to-end). The inability to access port 443 (HTTPS) specifically points to a Layer 4 issue — most likely a firewall rule or ACL blocking TCP port 443. Diagnose with telnet <ip> 443 (test TCP connection) or show access-lists on the router/firewall. If the TLS handshake itself fails after the TCP connection succeeds, the issue rises to Layer 6.

10. How does the TCP/IP model differ from the OSI model in its layer structure?

Correct answer is C. The TCP/IP model (4-layer version) collapses OSI Layers 5 (Session), 6 (Presentation), and 7 (Application) into a single Application layer, and merges OSI Layers 1 (Physical) and 2 (Data Link) into Network Access (also called Link layer). The result is four layers: Application, Transport, Internet (= OSI Network), and Network Access. The TCP/IP model is what the internet actually runs on; the OSI model is the universal reference framework.

← Back to Home