OSI vs TCP/IP Model – Side-by-Side Comparison

1. Why Two Models Exist

Two conceptual frameworks dominate network education and professional practice: the OSI model (Open Systems Interconnection) and the TCP/IP model (also called the Internet model or DoD model). Both describe how data moves from one device to another across a network — but they were created with different goals, at different times, and for different audiences.

Understanding why two models exist — and what each is actually used for — prevents the common confusion of treating them as competing descriptions of the same thing. They are complementary: the OSI model provides a precise theoretical vocabulary for discussing network functions, while the TCP/IP model describes the actual protocol suite that runs the internet.

Feature OSI Model TCP/IP Model
Developed by ISO (International Organization for Standardization) and ITU-T US Department of Defence (DoD) / DARPA; evolved into the IETF
Year Published 1984 (ISO 7498) Original TCP/IP architecture: 1974 (Cerf & Kahn); formalized as a 4-layer model in the 1980s
Number of layers 7 layers 4 layers (some texts use 5)
Primary purpose Theoretical framework — a vendor-neutral reference for understanding and discussing network functions and interoperability Practical implementation — describes the actual protocol suite used to build the internet
Real-world use Conceptual reference, troubleshooting framework, vendor documentation, exam certification standard The actual operational model — all internet and intranet communication runs on TCP/IP
Protocols defined Framework only — OSI defines the layers but most OSI-specific protocols (X.25, FTAM) are obsolete Defines the real protocols: IP, TCP, UDP, HTTP, DNS, TLS, etc.
Status Still taught universally as the reference model; original OSI protocols largely replaced by TCP/IP The operational standard — all modern networking runs on TCP/IP

Related pages: OSI Layer Functions | Common Port Numbers | Layer Functions | Packet Flow / show ip route | Frame Forwarding / MAC Table

2. The OSI Model — Seven Layers

The OSI model divides network communication into seven distinct layers, each with a clearly defined responsibility. Each layer provides services to the layer above and relies on services from the layer below. This layered separation means a change at one layer (e.g., switching from copper to fibre at Layer 1) does not require changes at other layers — a principle called layer independence.

OSI Model — 7 Layers with Mnemonics LAYER NAME PDU KEY PROTOCOLS MNEMONIC L7 Application Data HTTP · FTP · DNS · SMTP "All" L6 Presentation Data TLS · SSL · JPEG · ASCII "People" L5 Session Data NetBIOS · RPC · PPTP "Seem" L4 Transport Segment TCP · UDP "To" L3 Network Packet IP · ICMP · OSPF · BGP "Need" L2 Data Link Frame Ethernet · 802.11 · ARP "Data" L1 Physical Bits Cables · Hubs · Signals "Processing" ↓ All People Seem To Need Data Processing  ·  ↑ Please Do Not Throw Sausage Pizza Away
Layer Name PDU Key Responsibility Example Protocols / Technologies
7 Application Data Network services to end-user applications; interface between the network and the application HTTP, HTTPS, FTP, SMTP, DNS, DHCP, SNMP, SSH, Telnet
6 Presentation Data Data translation, encoding, compression, and encryption/decryption — ensures data is in a format the application can use SSL/TLS (encryption), JPEG, MPEG, ASCII, Unicode, XML, JSON
5 Session Data Establishes, manages, and terminates sessions between applications; synchronisation and dialogue control NetBIOS, RPC, SQL sessions, NFS session management, SIP (partially)
4 Transport Segment (TCP) / Datagram (UDP) End-to-end communication, reliability (TCP), flow control, error recovery, port numbers, segmentation and reassembly TCP, UDP, SCTP
3 Network Packet Logical addressing (IP), routing between networks, path determination IPv4, IPv6, ICMP, OSPF, EIGRP, BGP, ARP (debated)
2 Data Link Frame Physical addressing (MAC), error detection (FCS), access to the physical medium, framing Ethernet (802.3), Wi-Fi (802.11), PPP, HDLC, 802.1Q (VLAN tagging), STP
1 Physical Bits Transmission of raw bits over the physical medium — electrical signals, light pulses, or radio waves Ethernet cables (Cat5e/6/6A), fibre optic, Wi-Fi radio, USB, DSL, hubs, repeaters
CCNA PDU names — memorise these:
Layer 7/6/5 → Data
Layer 4 TCP → Segment  |  Layer 4 UDP → Datagram
Layer 3 → Packet
Layer 2 → Frame
Layer 1 → Bits

3. The TCP/IP Model — Four Layers

The TCP/IP model (sometimes called the Internet model or DoD model) consolidates the OSI model's seven layers into four practical layers that directly correspond to how the TCP/IP protocol suite is implemented and used. It emerged from the ARPANET research that became the internet, and unlike the OSI model, it was defined alongside the actual protocols — not as a theoretical framework.

Layer TCP/IP Name Equivalent OSI Layers Key Responsibility Example Protocols
4 Application OSI 7 (Application) + 6 (Presentation) + 5 (Session) All user-facing services, data formatting, session management — everything above the transport layer HTTP, HTTPS, FTP, SMTP, DNS, DHCP, SSH, SNMP, TLS (some argue TLS spans layers)
3 Transport OSI 4 (Transport) End-to-end communication, segmentation, reliability (TCP) or speed (UDP), port numbers TCP, UDP
2 Internet OSI 3 (Network) Logical addressing, routing between networks, path selection IPv4, IPv6, ICMP, ARP (debated), routing protocols (OSPF, BGP at control plane)
1 Network Access
(Link)		 OSI 2 (Data Link) + 1 (Physical) Physical transmission, MAC addressing, framing, error detection on a single network segment Ethernet, Wi-Fi (802.11), PPP, DSL, fibre, cables, NIC hardware
Five-layer variant: Some textbooks (including Cisco's CCNA curriculum) use a 5-layer TCP/IP model that separates the Network Access layer into Data Link (Layer 2) and Physical (Layer 1). This makes the mapping to OSI layers more intuitive and aligns with how network engineers actually discuss device behaviour. The 5-layer variant is common in CCNA study materials.

4. Layer Mapping — OSI to TCP/IP Side by Side

OSI Layer OSI Layer Name TCP/IP Layer (4-layer) TCP/IP Layer (5-layer)
7 Application Application (Layer 4) Application (Layer 5)
6 Presentation
5 Session
4 Transport Transport (Layer 3) Transport (Layer 4)
3 Network Internet (Layer 2) Network (Layer 3)
2 Data Link Network Access (Layer 1) Data Link (Layer 2)
1 Physical Physical (Layer 1)
Key mapping facts:
OSI Layers 5, 6, 7 → all map to TCP/IP Application layer
OSI Layer 4 = TCP/IP Transport layer (1:1 match)
OSI Layer 3 = TCP/IP Internet layer (1:1 match)
OSI Layers 1 and 2 → TCP/IP Network Access layer (combined)

The 1:1 mapping at Layer 3 and 4 is why network engineers freely say "Layer 3" and "Layer 4" — both models agree on these layers.

4a. Live Mapping — Watch the Packet Flow

Watch a packet travel down the OSI stack (left) and see exactly which TCP/IP layer (right) handles it at each step. The bracket shows how OSI layers collapse into TCP/IP layers.

Packet descends OSI (left) → mapped TCP/IP layer lights up (right)

5. Why the OSI Model Is Still Taught

A natural question: if TCP/IP is what actually runs the internet, why is so much time spent studying the OSI model? The answer is that the OSI model provides something the TCP/IP model deliberately avoids — a precise, granular vocabulary for describing network functions that is independent of any specific protocol.

Five Reasons the OSI Model Remains Essential

Reason Explanation
Troubleshooting framework The OSI model gives engineers a structured top-down or bottom-up methodology for isolating network faults. "Is this a Layer 1 problem (cable), Layer 2 (VLAN/STP), or Layer 3 (routing)?" is the most common diagnostic conversation in networking. This works because OSI layers map cleanly to specific devices and symptoms.
Vendor-neutral common language Cisco, Juniper, Arista, Palo Alto, and F5 all use OSI layer terminology in their documentation. "Layer 7 firewall", "Layer 3 switch", "Layer 2 loop" are universally understood terms across all vendors and all networking disciplines.
Protocol design reference When new protocols are designed, they are specified in terms of which OSI layer they operate at and what services they provide to the layer above. YANG models, gNMI, and HTTP/3 are all described in OSI terms.
Security discussion Firewall types are categorised by OSI layer (Layer 4 stateful, Layer 7 application-aware). DDoS attacks are described by layer (Layer 3/4 volumetric, Layer 7 application attacks). ACLs operate at Layer 3 and 4. The OSI layer makes the security boundary clear.
Certification exams worldwide CCNA, CompTIA Network+, JNCIA, and every other major networking certification tests OSI model knowledge extensively. It is the universal baseline for networking education globally.

OSI Layers in Troubleshooting

Before / Without OSI Model After / With OSI Model
Bottom-up troubleshooting approach (most efficient): start at the physical layer and work up Layer 1 — Physical: Is the cable plugged in? Is the link light on? Is the NIC recognised?
↓ If Layer 1 OK... Layer 2 — Data Link: Is there a MAC address? Is the switch port up? Any duplex mismatch?
↓ If Layer 2 OK... Layer 3 — Network: Is there an IP address? Is the default gateway correct? Can you ping it?
↓ If Layer 3 OK... Layer 4 — Transport: Is the port open? Does the firewall allow TCP 443? Is the service listening?
↓ If Layer 4 OK... Layer 7 — Application: Is the service running? Is the config correct? Any TLS cert errors?
Top-down troubleshooting (useful when the user reports an app issue, not a connectivity issue) Start at Layer 7 (is the app responding?) and work down only as needed
Examples of layer-specific problems: Layer 1: broken cable, bad SFP, no link light, speed mismatch, faulty NIC
Layer 2: incorrect VLAN, STP loop, duplicate MAC, port in err-disabled state Layer 3: wrong IP subnet, missing route, wrong gateway, OSPF adjacency failure
Layer 4: firewall blocking port, wrong port number, NAT translation failure, TCP RST flood Layer 7: wrong URL, expired certificate, misconfigured web server, DNS resolution failure

6. How Real Protocols Map to Both Models

Real protocols rarely respect model boundaries perfectly — many span multiple layers or are categorised differently depending on context. The table below shows exactly where the most important protocols sit in both models simultaneously.

Protocol OSI Layer(s) TCP/IP Layer PDU Name Notes
HTTP / HTTPS 7 (Application) Application Data HTTP is pure Layer 7. TLS (inside HTTPS) also has Presentation (6) and Session (5) characteristics — it encrypts and manages the secure session.
TLS / SSL 5 (Session) + 6 (Presentation) Application Data TLS encrypts data (Presentation) and establishes a secure session (Session). It sits between the transport and application in practice — a Layer 4.5 functionally.
DNS 7 (Application) Application Data Application layer service. Uses UDP or TCP at Layer 4. See: How DNS Works
DHCP 7 (Application) Application Data Application layer protocol running over UDP 67/68. See: DHCP Overview
FTP / SMTP / SSH 7 (Application) Application Data All application layer protocols with TCP transport.
TCP 4 (Transport) Transport Segment Connection-oriented; ports, sequencing, acknowledgements, flow control. See: Port Numbers
UDP 4 (Transport) Transport Datagram Connectionless; port numbers, no reliability.
IPv4 / IPv6 3 (Network) Internet Packet Logical addressing and routing. The core of both the OSI Network layer and TCP/IP Internet layer. See: IP Interface Brief
ICMP 3 (Network) Internet Packet Error reporting for IP. Used by ping and traceroute. IP protocol number 1. See: Ping / ICMP
ARP 2/3 (Data Link / Network — debated) Internet / Network Access Frame / Packet Maps IP addresses to MAC addresses. Operates between Layer 2 and 3 — often called "Layer 2.5". Uses Ethernet framing (Layer 2) but resolves Layer 3 addresses. See: ARP / MAC Address
OSPF 3 (Network) Internet Packet Routing protocol operating at Layer 3. Uses IP protocol 89 (no TCP/UDP). See: OSPF Overview
BGP 3 (Network) / 4 (Transport) Internet / Transport Segment / Packet BGP is a routing protocol (Layer 3 in function) but runs over TCP port 179 (Layer 4 in transport). Often described as a Layer 4 protocol because of its TCP dependency. See: BGP Overview
Ethernet (802.3) 1 (Physical) + 2 (Data Link) Network Access Frame (L2) / Bits (L1) Ethernet spans both Physical (signalling, cabling) and Data Link (MAC addressing, framing, FCS error detection). See: Ethernet Standards
Wi-Fi (802.11) 1 (Physical) + 2 (Data Link) Network Access Frame (L2) / Bits (L1) Like Ethernet, Wi-Fi spans Physical (RF) and Data Link (MAC, CSMA/CA). See: Wi-Fi 802.11 Standards
STP / RSTP 2 (Data Link) Network Access Frame Loop prevention at Layer 2 using BPDUs. See: STP Overview
VLANs / 802.1Q 2 (Data Link) Network Access Frame VLAN tagging is a Layer 2 function — the 4-byte 802.1Q tag is inserted in the Ethernet frame header. See: VLANs
PPP / HDLC 2 (Data Link) Network Access Frame WAN serial link Data Link protocols.
SNMP 7 (Application) Application Data Network management application protocol over UDP 161/162. See: SNMP/Syslog Logging
NTP 7 (Application) Application Data Time synchronisation over UDP 123. See: NTP Sync

7. Encapsulation and De-encapsulation — Both Models

Encapsulation is the process by which each layer adds its own header (and sometimes trailer) to the data passed down from the layer above, building up the complete PDU for transmission. De-encapsulation is the reverse — each layer at the receiver strips its header and passes the inner data upward.

This process is the same in both OSI and TCP/IP — the two models describe the same physical reality, just with different levels of granularity.

Encapsulation at the sender (top to bottom):Application generates HTTP request: "GET /index.html HTTP/1.1"Layer 7 (OSI App / TCP/IP App)HTTP Data: "GET /index.html HTTP/1.1"Layer 4 (Transport): TCP adds port numbers, seq#TCP Header HTTP DataSrc:54321 "GET /index.html..."Dst:80 ← TCP SegmentLayer 3 (Network): IP adds source/destination IPsIP Header TCP Header HTTP DataSrc:10.0.0.5 Src:54321 "GET /index.html..." ← IP PacketDst:93.x.x.x Dst:80Layer 2 (Data Link): Ethernet adds MAC addresses, FCSEth Header IP Header TCP Header HTTP Data FCS (CRC)Src MAC Src IP Src Port "GET /index.html..."Dst MAC Dst IP Dst Port ← Ethernet FrameLayer 1 (Physical): Frame serialised to electrical/optical bits10110001 01001100 10110010 ... (bits transmitted on the wire)De-encapsulation at the receiver: reverse process — each layerreads its header, processes it, and passes the inner data upward.

Encapsulation Summary Table

OSI Layer Header Added PDU Result Key Information in Header
7 / 6 / 5 — Application Application header (e.g., HTTP method, URL) Data HTTP: GET/POST, URL, headers; DNS: query type; etc.
4 — Transport TCP or UDP header Segment (TCP) / Datagram (UDP) Source port, destination port, sequence number (TCP), checksum
3 — Network IP header Packet Source IP, destination IP, TTL, protocol (6=TCP, 17=UDP, 1=ICMP), DSCP (QoS)
2 — Data Link Ethernet header + FCS trailer Frame Source MAC, destination MAC, EtherType (0x0800=IPv4, 0x86DD=IPv6, 0x0806=ARP), FCS (error detection)
1 — Physical None — frame converted to bit stream Bits Encoding (NRZ, Manchester), line rate, signal voltage/ light/RF modulation

8. Network Devices and Their OSI Layers

Each type of network device operates at a specific OSI layer — the layer at which it reads, processes, and makes forwarding decisions. Understanding device-layer relationships is foundational to network design and is heavily tested on the CCNA.

Device OSI Layer TCP/IP Layer What It Reads Forwarding Decision Based On
Hub / Repeater Layer 1 — Physical Network Access Electrical signal / bits No decision — regenerates and floods all bits to all ports. No intelligence.
Switch (L2) Layer 2 — Data Link Network Access Ethernet frame header Destination MAC address → MAC address table (CAM table). See: MAC Address Table
Router Layer 3 — Network Internet IP packet header Destination IP address → routing table (longest prefix match). See: show ip route
Layer 3 Switch Layer 2 + 3 Network Access + Internet MAC frame + IP packet MAC address for L2 forwarding; IP for L3 routing between VLANs. Hardware-based routing (ASIC). See: L3 Switch
Firewall (stateful / L4) Layer 3 + 4 Internet + Transport IP header + TCP/UDP header Source/destination IP, port, protocol, connection state (SYN/ACK/FIN tracking). See: ACL/Firewall
Next-Gen Firewall / L7 FW Layers 3–7 All layers Full packet including application payload Application identity (HTTP URL, DNS name, app signature), user identity, content inspection.
Load Balancer Layer 4 or 7 Transport or Application TCP/UDP header (L4) or HTTP content (L7) L4: source IP/port hash or round-robin. L7: HTTP Host header, URL path, cookies.
Wireless AP Layer 1 + 2 Network Access Radio signal → 802.11 frame MAC address (L2 bridging between wireless and wired). See: APs & WLC

9. OSI Upper Layers (5, 6, 7) — Are They Relevant Today?

One source of confusion in CCNA study is that OSI Layers 5 (Session), 6 (Presentation), and 7 (Application) are all collapsed into the single TCP/IP Application layer — and in practice, most modern protocols implement session, presentation, and application functions together in a single protocol stack. This has led some engineers to dismiss OSI upper layers as irrelevant. They are not — they remain analytically useful.

Layer 5 — Session

The Session layer manages the establishment, maintenance, and termination of communication sessions. In practice, session management is handled by:

  • TLS/SSL — establishes and tears down secure sessions (handshake → data transfer → close_notify)
  • SIP (Session Initiation Protocol) — explicitly manages VoIP call sessions (INVITE → 200 OK → BYE)
  • RPC (Remote Procedure Call) — manages distributed application sessions
  • SQL sessions — database connection establishment and teardown

Layer 6 — Presentation

The Presentation layer handles data translation between different formats and encryption. In modern networking:

  • TLS encryption — encrypts data before handing to TCP (Presentation function)
  • Data serialisation formats — JSON, XML, Protocol Buffers, ASN.1 (used in SNMP and certificates) — translate application data into a format for network transmission
  • Compression — HTTP Content-Encoding (gzip, Brotli) compresses data before transmission
  • Character encoding — ASCII, Unicode, UTF-8 translation

Layer 7 — Application

Layer 7 is the interface between the network and the application. It provides network services directly to user applications — HTTP gives a browser access to web content, DNS resolves names, SMTP transfers email. Unlike the lower layers, Layer 7 protocols are application-specific.

Practical insight: In the TCP/IP model, TLS is often described as "between Layer 4 and Layer 7" because it provides both session-management (Layer 5) and encryption (Layer 6) functions above TCP (Layer 4) but below the application protocol (HTTP, SMTP, etc.). This is why TLS is sometimes called a "Layer 4.5" protocol — it does not fit neatly into any single OSI layer, which is actually a good example of why the OSI model is a theoretical framework and not a literal description of how protocols are implemented.

10. Summary — Key Differences and Practical Takeaways

Aspect OSI Model TCP/IP Model
Number of layers 7 4 (or 5 in the variant)
Created ISO, 1984 — after TCP/IP already existed DARPA/IETF, 1974 onwards — protocols first, model later
Nature Prescriptive theoretical model — defines what each layer should do Descriptive practical model — describes what TCP/IP protocols actually do
Application layers Three separate layers (5, 6, 7) for session, presentation, application One combined Application layer covering all upper-layer functions
Lower layers Two separate layers (1, 2) for Physical and Data Link One combined Network Access layer (or two in 5-layer variant)
Protocol independence Designed to be protocol-independent — any protocol can implement the layers Tightly coupled to TCP/IP protocol suite
Primary use today Education, troubleshooting framework, vendor documentation, security classification Actual network operation — all internet communication uses TCP/IP
Before / Without After / With
Practical summary for the CCNA exam: ✔ Use OSI layer numbers when:
→ Discussing what a device does ("Layer 3 switch", "Layer 2 switch", "Layer 7 load balancer") → Troubleshooting ("Layer 1 problem — check the cable")
→ Describing where a protocol operates ("BGP is a Layer 4 application using TCP port 179") → Security discussions ("Layer 7 firewall", "Layer 3/4 ACL")
→ CCNA exam questions about layers, PDUs, encapsulation, and device types ✔ Use TCP/IP model when:
→ Discussing actual protocol implementations (IP, TCP, HTTP, DNS) → Describing how internet communication works end-to-end
→ Referring to the protocol stack (IP/TCP/HTTP) as a unit ✔ Both models agree on:
→ Transport layer = TCP / UDP → Network layer = IP (Layer 3)
→ These are the two layers that matter most in day-to-day network engineering work → These layers are identical in both models — "Layer 3" and "Layer 4" mean the same thing everywhere in network engineering work
✔ Know the PDU names cold: Data → Segment/Datagram → Packet → Frame → Bits
(Application/Presentation/Session → Transport → Network → Data Link → Physical) (TCP/IP Application → TCP/IP Transport → TCP/IP Internet → TCP/IP Network Access)

See also: OSI Layer Functions | Common Port Numbers | Layer Functions | Packet Flow / show ip route | Frame Forwarding / MAC Table | Common Port Numbers

Test Your Knowledge — OSI vs TCP/IP Quiz

The OSI model has 7 layers and the TCP/IP model has 4. Which three OSI layers are all combined into the single TCP/IP Application layer?

Correct answer is B. The TCP/IP Application layer absorbs OSI Layers 5 (Session), 6 (Presentation), and 7 (Application). This is because TCP/IP was designed around real protocols, which typically implement session management, data encoding, and application logic together in one protocol (e.g., HTTP handles all three). OSI layers 1 and 2 are combined into the TCP/IP Network Access layer; OSI layers 3 and 4 map directly (1:1) to TCP/IP Internet and Transport layers. See: OSI Layer Functions

A network engineer says "this is a Layer 2 problem." What does that mean in terms of the OSI model, and what devices/technologies would be investigated?

Correct answer is C. OSI Layer 2 is the Data Link layer. Layer 2 problems involve MAC address tables (CAM tables), VLAN assignments, 802.1Q tagging, STP/RSTP loop prevention, Ethernet frame errors (FCS errors), and duplex mismatches. Layer 2 devices include switches and bridges. OSI Layer 1 is Physical (cables, NICs); Layer 3 is Network (IP, routing); Layer 4 is Transport (TCP/UDP ports). The OSI layer numbering is the universal language for troubleshooting discussions. See: MAC Address Table

What is the correct PDU name for data at each of these OSI layers: Layer 4 (TCP), Layer 3, and Layer 2?

Correct answer is A. Memorise the PDU names in order: Application/Presentation/Session = Data; Transport (TCP) = Segment; Transport (UDP) = Datagram; Network = Packet; Data Link = Frame; Physical = Bits. These are heavily tested on the CCNA exam, particularly the Segment/Packet/Frame distinction at Layers 4, 3, and 2.

Why is the OSI model still taught and used extensively even though the TCP/IP model describes what actually runs the internet?

Correct answer is D. OSI protocols (X.25, FTAM, CLNS) are largely obsolete — TCP/IP has won. But the OSI model's layer vocabulary is universally adopted across all vendors, all certifications, and all networking disciplines. Every network engineer, regardless of their vendor or platform, uses "Layer 3" to mean routing/IP and "Layer 2" to mean switching/MAC. The OSI model is the shared reference frame that makes cross-vendor and cross-platform communication unambiguous.

Which OSI layer does a standard Layer 2 switch operate at, and what does it use to make forwarding decisions?

Correct answer is B. A Layer 2 switch operates at the Data Link layer (Layer 2). It reads the destination MAC address from each incoming Ethernet frame and performs a lookup in its CAM (Content Addressable Memory) table to find the port associated with that MAC. It does not look at IP addresses (that's Layer 3 routing) or TCP ports (that's Layer 4). Layer 1 hubs simply regenerate signals to all ports with no intelligence. See: MAC Address Table

TLS (used in HTTPS) is difficult to categorise in the OSI model. Which OSI layers best describe its functions, and why?

Correct answer is C. TLS spans OSI Layers 5 (Session) and 6 (Presentation). Its session management functions (TLS handshake to establish the secure channel, session resumption, session termination with close_notify) map to Layer 5. Its encryption and decryption of data (transforming plaintext to ciphertext and back) maps to Layer 6. TLS runs above TCP (Layer 4) and below HTTP (Layer 7) — sometimes called "Layer 4.5" because it does not fit neatly into a single OSI layer.

During encapsulation, in what order are headers added to the data as it travels down the OSI stack?

Correct answer is A. Encapsulation adds headers top-down through the OSI stack — each layer wraps the data from the layer above with its own header (and sometimes trailer). The application generates data → Transport adds TCP/UDP header (creating a Segment or Datagram) → Network adds IP header (creating a Packet) → Data Link adds Ethernet header and FCS trailer (creating a Frame) → Physical serialises to bits. De-encapsulation is the reverse — the receiver strips headers bottom-up. See: Packet Flow / show ip route

Where does ARP (Address Resolution Protocol) sit in the OSI model, and why is its placement debated?

Correct answer is D. ARP is the classic "between layers" example. It is carried in Ethernet frames (it has its own EtherType 0x0806) — that's a Layer 2 characteristic. But its entire purpose is to translate Layer 3 IP addresses into Layer 2 MAC addresses — that's a Layer 3 function. Different sources place it at Layer 2, Layer 3, or explicitly say "Layer 2.5" to acknowledge this ambiguity. On the CCNA exam, if forced to choose one, Layer 2 or "between 2 and 3" is the safe answer. See: ARP / MAC Address

A packet is being inspected by a stateful firewall that can read source/destination IP addresses, TCP port numbers, and track TCP connection state (SYN/ACK/FIN). At which OSI layers is this firewall operating?

Correct answer is B. A stateful firewall inspects both Layer 3 (IP header: source IP, destination IP, protocol) and Layer 4 (TCP/UDP header: source port, destination port, TCP flags for state tracking). This is why it is called a "Layer 4 firewall" — the highest layer it inspects is Layer 4. A next-generation firewall (NGFW) extends inspection to Layer 7 (application content, URL, user identity). See: ACL/Firewall

Which statement correctly describes the relationship between the OSI model and the TCP/IP model?

Correct answer is C. The OSI and TCP/IP models are complementary, not competing. Every modern network runs TCP/IP protocols (IP, TCP, UDP, HTTP, etc.) — but network engineers use OSI layer terminology daily to discuss, design, troubleshoot, and document those same networks. The models describe the same physical reality at different levels of granularity: TCP/IP (4 layers) for practical protocol mapping, OSI (7 layers) for precise analytical discussion. See: OSI Layer Functions | Common Port Numbers

Related Topics & Step-by-Step Tutorials

Continue your networking fundamentals studies:

Back to Home