
CompTIA Network+ N10-008 Certification Guide - Second Edition

By: Glen D. Singh

Overview of this book

This book helps you to easily understand core networking concepts without the need for prior industry experience or knowledge within this field of study. This updated second edition of the CompTIA Network+ N10-008 Certification Guide begins by introducing you to the core fundamentals of networking technologies and concepts, before progressing to intermediate and advanced topics using a student-centric approach. You’ll explore best practices for designing and implementing a resilient and scalable network infrastructure to support modern applications and services. Additionally, you’ll learn network security concepts and technologies to effectively secure organizations from cyber attacks and threats. The book also shows you how to efficiently discover and resolve networking issues using common troubleshooting techniques. By the end of this book, you’ll have gained sufficient knowledge to efficiently design, implement, and maintain a network infrastructure as a successful network professional within the industry. You’ll also have gained knowledge of all the official CompTIA Network+ N10-008 exam objectives, networking technologies, and how to apply your skills in the real world.

Table of Contents (26 chapters)

  • Part 1: Networking Concepts
  • Part 2: Network Implementation
  • Part 3: Network Operations
  • Part 4: Network Security and Troubleshooting
  • Chapter 18: Practice Exam

Exploring the OSI model

The OSI model was originally developed to be an open networking model for computer networks to allow different devices to use a set of mutual protocols (rules) to allow communication between each other over a network. While the OSI model is commonly described as a reference model because it’s not technically implemented on any networked devices such as computers, servers, or networking devices, networking professionals still use its terminology during their discussions and when writing documentation and publications. Therefore, as aspiring networking professionals within the industry, it’s vital to gain a solid understanding of the characteristics and functionality of each layer within the OSI model.

The OSI model contains a total of seven layers that describe how communication occurs between one device and another over a network. Each layer of the OSI model has a unique role and responsibility to ensure a message from a sender contains all the necessary details to be successfully delivered to the intended destination. Imagine the challenges that would exist if networking models did not exist. Imagine writing a letter to a friend and posting it via the postal service with the hope it will be successfully delivered to the destination. However, if the address information is incorrect on the envelope, the postal service may have difficulties locating the destination. If the contents of the message are not correctly formatted or structured, the recipient of the message will not be able to clearly understand the contents. Similarly, on a network without a networking model or protocols, computers will have challenges ensuring their messages are delivered to their destination and that the contents of the messages are properly formatted and structured. Hence, the OSI model is a seven-layered networking model that contains the protocols (rules) and guidelines on how systems can communicate over a network.

The following diagram shows the seven layers of the OSI model:

Figure 1.1 – OSI model

As shown in the preceding diagram, the seven layers of the OSI model are in the following order:

  • Application
  • Presentation
  • Session
  • Transport
  • Network
  • Data Link
  • Physical

At each layer of the OSI model, when a message exists at a specific layer, the message is commonly referred to as a Protocol Data Unit (PDU). A PDU is simply described as a single unit of data/information that can be transmitted from one host to another over a network. As the PDU is created at the Application layer of the OSI model of the host, it is referred to as data, which is the raw message. As the PDU travels down the OSI model, each of the lower layers is responsible for attaching additional information within a header onto the PDU to ensure proper addressing details are inserted to deliver the message. This process is commonly referred to as encapsulation. When a host on the network receives the message, the PDU travels upward on the OSI model, where each layer de-encapsulates the message, removing the header information until the raw message is delivered to the Application layer on the recipient device.

The following diagram shows an overview of the process of sending and receiving a message between two devices using the OSI model:

Figure 1.2 – Sending and receiving messages

As shown in the preceding diagram, when the computer sends a message, the message is created at the Application layer of the OSI model and works its way down the stack to the Physical layer. When the server receives the message through the network, the message is sent across the Physical layer and enters the Data Link layer before moving upward to the Application layer of the server.

Furthermore, the upper layers of the OSI model, such as the Application, Presentation, and Session layers, are designed to provide support for the application’s functionality; in other words, they are designed to ensure the datagram (raw message) that’s created by the sender can be transmitted across the network between the sender and receiver. The lower layers of the OSI model, such as the Transport, Network, Data Link, and Physical layers, focus on inserting the addressing information needed to deliver the datagram to the destination. Simply put, you can think of the lower layers as having the responsibility of ensuring end-to-end connectivity between hosts over a network.

Over the next few subsections, you will gain an in-depth understanding of the roles and responsibilities of each layer of the OSI model and how they help devices, such as computers, exchange messages between themselves and another host.

Application layer

The Application layer is the layer that is the closest to the end user, such as yourself. This layer provides an interface so that you can run the applications of a host such as a computer or even a smartphone to communicate with the underlying network protocols of the OSI model. To gain a better understanding of the responsibility and importance of the Application layer, imagine you’re interested in visiting the CompTIA website to learn more about the examination details of the CompTIA Network+ N10-008 certification. A typical user will simply open their favorite web browser application and use their preferred search engine to find CompTIA’s official website at www.comptia.org. Once the user clicks on the Uniform Resource Locator (URL) address, within a couple of seconds, the website downloads onto the user’s device and the web browser renders the web language into something understandable to humans.

The following screenshot shows a standard web browser using HTTPS as the Application layer protocol to communicate with the CompTIA web server:

Figure 1.3 – Observing an Application layer protocol

While this process seems very simple and works well, there are a lot of underlying network protocols that work together to ensure your computer can access the internet and view the website. The end device, such as your computer or even smartphone, has an operating system that allows you to interact with the hardware components of your device to perform tasks. As users, we generally install additional applications onto our operating system to add new functionality compared to the core functions and features that are present on the bare version of the operating system. Installing a web browser on your computer allows your operating system to interact with the Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) protocols. These are two examples of application layer protocols that allow you to interact/interface with web services on a network. Another example is using an email application such as Microsoft Outlook or Thunderbird running on your local computer to interact/interface with the Simple Mail Transfer Protocol (SMTP), an application layer protocol that is responsible for sending email messages over a network.

Each application layer protocol creates a datagram (raw message) or PDU that can only be interpreted by the same application layer protocol that created it. Simply put, a PDU created by HTTPS can only be interpreted by HTTPS and not another application protocol such as SMTP. As you may recall, a protocol is a rule that allows communication between devices over a network. Therefore, each protocol uses its own set of rules and structure for creating a PDU. At the Application layer, the PDU contains only the raw data created by the application layer protocol and does not have any addressing information needed to be delivered to the intended recipient. At the Application layer, the PDU is known as Data. Once the application layer protocol finishes its task of creating the PDU, it passes it down to the next layer, which is the Presentation layer.

Presentation layer

While the application layer protocols of the Application layer create system-dependent data (for example, ASCII or JPEG), the Presentation layer transforms it into an independent format. The PDU is then sent to lower layers to address the receiving system. This allows the Presentation layer on the receiving system to transform the data back into the system-dependent format (ASCII or JPEG) that the Application layer requires.

To gain a better understanding of the Presentation layer, imagine writing a letter to your friend. If you don’t use the proper format of putting the destination delivery address and your sender’s address on the external envelope, the postal service may experience some challenges when attempting to deliver the letter to the correct postal address. Overall, the Presentation layer ensures the PDU is formatted in a way that it will be supported by the lower layers of the OSI model and work on the actual network. Hence, it’s important to ensure the PDU from the Application layer is formatted properly. At this layer of the OSI model, the PDU is still known as Data.

The following are the main responsibilities of the Presentation layer:

  • Data formatting (encoding)
  • Data compression
  • Data encryption
  • Data decryption

Once the Presentation layer finishes its task of formatting, encoding, and/or encrypting the PDU, it is sent down the OSI model stack to the next layer, known as the Session layer.

Session layer

Before a host can send a message to another host over a network, the sender needs to establish a logical session between itself and the destination device. The Session layer is responsible for ensuring that the devices across a network can create or establish a session between the sender and receiver. The Session layer is also responsible for maintaining the logical session (connection) between the hosts over the network. This allows each device to transmit their messages between themselves for the duration of the session. Lastly, the Session layer is responsible for terminating the logical session (connection) when both the sender and receiver are no longer communicating with each other. If the session is terminated during data transmission between the two hosts over the network, all data transmission will cease (stop) as well.

The following are the core functions of the Session layer:

  • Create/establish a session
  • Maintain the session
  • Terminate a session

While the PDU exists within the Session layer, it is commonly referred to as Data. Once the Session layer completes its task, the PDU is sent down to the next layer within the networking model, known as the Transport layer.

Transport layer

Networked devices such as computers, servers, and smart devices send and receive messages between each other very frequently and everything works well. Imagine if a client device such as a computer is requesting the web page from a web server on the internet. What occurs within the OSI model? At the Application layer of the client device, the HTTP application layer protocol of the OSI model creates an HTTP GET message to request the web page from the web server. Keep in mind that the Application layer is not responsible or concerned about how the data is delivered over the network. The data from the application layer protocol such as HTTP is sent down to the Transport layer.

Important note

In the TCP/IP protocol suite, the Transport layer is responsible for delivering the message between the Application layer and the network.

The Transport layer assigns a service port number to the PDU so that the receiving system will know how the Presentation layer should interpret and format the data. Then, the receiving system can read the data in the Application layer.

The following diagram shows a high-level visual representation of the client using HTTP to communicate with the same application layer protocol on the web server:

Figure 1.4 – Application layer protocol communication

The Transport layer ensures datagrams are delivered to the correct application layer protocol by assigning service port numbers to the PDU. Within an operating system that supports TCP/IP, there are 65,535 service port numbers.

The following diagram shows how these ports are categorized:

Figure 1.5 – Service port ranges

The service ports that exist within the range of well-known ports belong to the application layer protocols, which are very common on a network. Some of these common application layer protocols are HTTP, HTTPS, and SMTP. The registered port range belongs to users and organizations who have officially registered a service port number to operate on a custom-built application or software. The private/dynamic range belongs to service ports that are temporarily used during communication, such as using a randomly generated service port on the sender’s device as the source port.

While many people will think these ports are physical ports or interfaces on a device, these service ports are logical ports within an operating system. The service ports are the logical entry and exit ports on a system that are used as doorways for sending and receiving datagrams on a network. You can think of a service port as a traditional airport that is used as a port of entry and exit of a country via air travel. Each service port number is logically mapped to an application layer protocol, so the Transport layer assigns the source and destination service port numbers to the PDU when it’s received from the Application layer.

The following is a brief list of common application layer protocols and their corresponding service port numbers:

Figure 1.6 – Common application layer protocols

Using the same analogy from earlier, the Application layer on the client device sends the datagram to the Transport layer; the Transport layer encapsulates (inserts) a layer 4 header onto the datagram that contains both the source and destination service port numbers. Once the layer 4 header is added to the datagram from the Application layer, the PDU is referred to as a segment.

The following diagram shows a segment at the Transport layer containing a source and destination service port number with the data received from the application layer protocol:

Figure 1.7 – Segment

As shown in the preceding diagram, the layer 4 header contains the source and destination service port numbers. The Data field contains the data received from the upper layer, such as the Application layer. The source service port number is a randomly generated number between 49,152 and 65,535. Since the source service port number is randomly generated by the operating system of the sender device, it is also referred to as an ephemeral port number. The source port number is important on the datagram as it informs the recipient about the sender’s return address, similar to putting the return address information on a traditional letter. The destination service port number is inserted into the datagram, which informs the destination device about which application layer protocol to deliver the message to. For example, if the client is sending an HTTP message from itself to a web server on the internet, the Transport layer of the client device will insert a randomly generated source port number such as 49,161 and set the destination service port as 80. It uses port 80 since the application layer protocol on the destination device (web server) is running a web service that uses HTTP and HTTP uses service port 80 by default.

The following diagram shows a visual representation of the client sending a message to the web server that is running HTTP as the application layer protocol on service port 80:

Figure 1.8 – HTTP Request message

The following diagram shows the addressing information used by the web server to respond to the client on the network:

Figure 1.9 – HTTP Response message

As shown in the preceding diagram, the Transport layer ensures the correct source and destination service ports are assigned to the HTTP Request and HTTP Response messages. As you have learned thus far, the Transport layer is all about transporting/delivering the messages from one device to another while ensuring the datagrams are delivered to the appropriate application layer protocol on the destination device.

Thus far, we have focused a lot on understanding how service port numbers play a vital role in communication over a network. However, the Transport layer contains two protocols that assist with transporting and delivering datagrams over the network. These Transport layer protocols are as follows:

  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)

As mentioned earlier, the application layer protocols are not responsible for or concerned about the delivery of messages from a sender to a receiver over the network. Hence, the Transport layer uses either TCP or UDP to ensure the messages from the Application layer of the OSI model are delivered to the destination host. The service ports on a system can use either TCP or UDP for communication over a network. Over the next couple of subsections, you will learn about the similarities and differences between TCP and UDP.

Transmission Control Protocol

The Transmission Control Protocol (TCP) is a connection-oriented protocol that establishes a logical connection between the source and destination devices before exchanging messages over a network. This connection is commonly referred to as the TCP three-way handshake.

The following diagram shows a high-level overview of the TCP three-way handshake between two devices:

Figure 1.10 – TCP three-way handshake

The following is a breakdown of this process:

  1. The client device wants to communicate with the server, so the client device sends a synchronization (SYN) message to the server. The SYN message is used to initiate a connection with the server. Within the SYN message, a randomly generated sequence number is created. This is used to indicate the beginning or starting sequence number for the data that will be transmitted from the client, as shown in the following diagram:

Figure 1.11 – SYN sequence number

  2. The server receives the SYN message from the client and the server responds with an acknowledgment (ACK) message. Within the ACK message is an ACK sequence number; this number is the client’s sequence number + 1. The server also includes a SYN message within its response, containing a randomly generated sequence number to inform the client it also wants to initiate a connection; this message is known as a SYN/ACK, as shown in the following diagram:

Figure 1.12 – SYN/ACK sequence number

  3. The client receives the SYN/ACK message from the server and responds with an ACK message. The ACK message from the client contains the sequence number of the SYN message received from the server, incremented by 1, as shown in the following diagram:

Figure 1.13 – ACK sequence number

Keep in mind that a device will respond with an ACK message for each SYN message it receives over a network. The following diagram shows a more technical representation of the TCP three-way handshake as it occurs between two devices over a network, including randomly generated sequence numbers:

Figure 1.14 – TCP three-way handshake with sequence numbers

Using a network protocol analyzer tool such as Wireshark, network professionals can perform packet analysis on their network infrastructure and analyze the network traffic. The following screenshot shows the TCP three-way handshake captured using Wireshark on a real network:

Figure 1.15 – Wireshark capture

As shown in the preceding screenshot, packet #1 shows a sender, 192.168.0.2, sending a TCP SYN message that has a SYN sequence number of 0 to a destination device with an IP address of 192.168.0.1. Next, packet #2 indicates the device with the IP address of 192.168.0.1 responds with a SYN/ACK message that contains a SYN sequence number of 0 and an ACK sequence number of 1. Lastly, packet #3 indicates that the device with an IP address of 192.168.0.2 responds with an ACK message that contains an ACK sequence number of 1.
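The sequence-number arithmetic of the three-way handshake, as an added Python example that is not from the book: it follows each connection through SYN, SYN/ACK and ACK and reports handshakes that did not complete or that acknowledged the wrong number. The segment records are constructed; only the first connection's addresses and relative numbers come from the capture described above, and the ports, state names and function names are assumptions.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit values and wrap around

# Constructed sample segments: (src, sport, dst, dport, flags, seq, ack).
SEGMENTS = [
    # Connection 1: relative numbers as in the capture (0, then 0/1, then 1).
    ("192.168.0.2", 49161, "192.168.0.1", 80, "SYN", 0, 0),
    ("192.168.0.1", 80, "192.168.0.2", 49161, "SYN/ACK", 0, 1),
    ("192.168.0.2", 49161, "192.168.0.1", 80, "ACK", 1, 1),
    # Connection 2: client number at the 32-bit maximum, so + 1 wraps to 0.
    ("192.168.0.3", 50000, "192.168.0.1", 80, "SYN", 4294967295, 0),
    ("192.168.0.1", 80, "192.168.0.3", 50000, "SYN/ACK", 7000, 0),
    ("192.168.0.3", 50000, "192.168.0.1", 80, "ACK", 0, 7001),
    # Connection 3: the server answered, the client never sent the final ACK.
    ("192.168.0.4", 50001, "192.168.0.1", 80, "SYN", 100, 0),
    ("192.168.0.1", 80, "192.168.0.4", 50001, "SYN/ACK", 200, 101),
    # Connection 4: the final ACK acknowledges the wrong number.
    ("192.168.0.5", 50002, "192.168.0.1", 80, "SYN", 300, 0),
    ("192.168.0.1", 80, "192.168.0.5", 50002, "SYN/ACK", 400, 301),
    ("192.168.0.5", 50002, "192.168.0.1", 80, "ACK", 301, 999),
]


def track_handshakes(segments):
    """Return {"client:port->server:port": state} for every SYN seen."""
    conns = {}
    for src, sport, dst, dport, flags, seq, ack in segments:
        if flags == "SYN":
            # Step 1: remember the client's starting sequence number.
            conns[(src, sport, dst, dport)] = {"state": "syn-sent",
                                               "client_seq": seq}
        elif flags == "SYN/ACK":
            # Step 2: travels server -> client, so the key is reversed.
            conn = conns.get((dst, dport, src, sport))
            if conn is None or conn["state"] != "syn-sent":
                continue  # no matching SYN was seen
            if ack == (conn["client_seq"] + 1) % MOD:
                conn.update(state="awaiting-final-ack", server_seq=seq)
            else:
                conn["state"] = "bad-ack"
        elif flags == "ACK":
            # Step 3: must acknowledge the server's number + 1.
            conn = conns.get((src, sport, dst, dport))
            if conn is None or conn["state"] != "awaiting-final-ack":
                continue
            ok = (ack == (conn["server_seq"] + 1) % MOD
                  and seq == (conn["client_seq"] + 1) % MOD)
            conn["state"] = "established" if ok else "bad-ack"
    return {f"{c}:{cp}->{s}:{sp}": v["state"]
            for (c, cp, s, sp), v in conns.items()}


def not_established(states):
    """Connections worth a second look: anything short of 'established'."""
    return sorted(k for k, v in states.items() if v != "established")


if __name__ == "__main__":
    for name, state in track_handshakes(SEGMENTS).items():
        print(f"{name:40} {state}")
```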

Important note

The sequence numbers used by TCP allow a destination device to easily reassemble incoming messages if they are received out-of-order compared to the order they were sent onto the network.

Once a TCP three-way handshake has been established, both hosts will begin sending messages to each other. When a client sends a message to another device using TCP as the Transport layer protocol, the receiver of the message responds with an ACK packet to the sender. The ACK packet confirms the message was delivered successfully. If the sender does not receive an ACK packet from the intended destination host, after a while, the sender will attempt to retransmit the same message, repeating the process to ensure the message is delivered successfully. This is another benefit of using TCP when communicating over a network as it provides guaranteed delivery of messages and retransmits messages when needed.

When both hosts are no longer transmitting data between themselves over the network, TCP will attempt to gracefully tear down/terminate the connection using a four-step process, as shown here:

Figure 1.16 – TCP terminating a connection

As we can see, the client sends a FINISH (FIN) message to the server, indicating it no longer wants to maintain the session. The server responds with an ACK message to the client, indicating it is acknowledging that the client wants to terminate the connection. The server also sends a FIN message to the client to indicate it no longer wants to send any data. The final message is sent from the client – an ACK message – to confirm the termination.

The following are the benefits of using TCP as a transport layer protocol:

  • Establishes a session using the TCP three-way handshake before exchanging data.
  • Provides reliability in delivering data over a network.
  • Delivers data using the same order of delivery from the sender to the receiver.
  • Uses flow control by creating a window size that has been mutually agreed upon between the source and destination hosts. The flow control window size determines the amount of data that can be sent at a time between the hosts.

While there are many benefits to using TCP as the preferred transport layer protocol, there are many disadvantages, such as the following:

  • There is more overhead on a network when using TCP as the Transport layer protocol. For each message delivered to a destination device, the receiver responds with an ACK message.
  • When a host is sending multiple messages to another host over a network, the messages are not sent all at once. TCP creates a logical window size between the source device and destination device that determines how much data can be sent at a time. TCP will send several messages within the TCP window and wait for acknowledgment messages from the receiver before sending more data. This creates a delay in the delivery of the messages.

In the next section, we will learn about the characteristics of another Transport layer protocol, the User Datagram Protocol (UDP).

User Datagram Protocol

UDP is another Transport layer protocol that assists with delivering messages between devices over a network. Unlike TCP, UDP is a connectionless protocol that does not establish a logical connection between the source and destination devices. Being a connectionless protocol, UDP does not provide any guarantee of delivery of messages over a network, so if any messages are corrupted or discarded, UDP does not attempt to retransmit those messages. UDP does not provide any acknowledgments when messages are delivered, so the sender does not know whether the messages were delivered to the destination host or not. This makes UDP an unreliable Transport layer protocol within the networking model.

When using UDP as the preferred Transport layer protocol, the sender device does not use sequence numbers. As quickly as the datagrams from the Application layer are being sent down to the Transport layer, the Transport layer uses UDP and quickly places the datagrams on the actual network without adding any sequencing information. Therefore, when a destination host receives incoming messages over the network, there is no way to determine how to properly reassemble the messages in their correct order.
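The difference between the two protocols on the receiving side, as an added Python example that is not from the book: a TCP-style receiver uses sequence numbers to put out-of-order segments back in order, drop duplicates and report the next byte it still expects, while a receiver without sequence numbers can only keep arrival order. The message, starting sequence number, segment size and function names are assumptions, and segments are assumed never to overlap partially.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit values and wrap around


def segmentize(isn, message, size):
    """Sender side: split message into (seq, payload) segments."""
    seq = (isn + 1) % MOD  # first data byte follows the SYN's number
    segments = []
    for start in range(0, len(message), size):
        chunk = message[start:start + size]
        segments.append((seq, chunk))
        seq = (seq + len(chunk)) % MOD
    return segments


def tcp_receive(isn, arrivals):
    """Receiver side with sequence numbers.

    Returns (in_order_data, next_ack). next_ack is the sequence number of
    the next byte still expected; if it stops short of the end of the
    message, the sender has something to retransmit.
    """
    expected = (isn + 1) % MOD
    pending = {}            # segments that arrived ahead of their turn
    delivered = bytearray()
    for seq, payload in arrivals:
        if (seq - expected) % MOD >= MOD // 2:
            continue        # behind 'expected': duplicate of delivered data
        pending.setdefault(seq, payload)
        while expected in pending:
            chunk = pending.pop(expected)
            delivered += chunk
            expected = (expected + len(chunk)) % MOD
    return bytes(delivered), expected


def udp_receive(arrivals):
    """Receiver side without sequence numbers: arrival order is all it has.

    The seq element is ignored because a UDP header does not carry one.
    """
    return b"".join(payload for _seq, payload in arrivals)


# Constructed sample: a 28-byte request sent as four segments, with a
# starting number close to the 32-bit maximum so the numbers wrap.
MESSAGE = b"GET /index.html HTTP/1.1\r\n\r\n"
ISN = 4294967290
SENT = segmentize(ISN, MESSAGE, 8)
REORDERED = [SENT[2], SENT[0], SENT[0], SENT[3], SENT[1]]  # one duplicate
WITH_LOSS = [SENT[2], SENT[0], SENT[3]]                    # SENT[1] lost

if __name__ == "__main__":
    print("TCP, reordered:", tcp_receive(ISN, REORDERED))
    print("TCP, one lost: ", tcp_receive(ISN, WITH_LOSS))
    print("UDP, reordered:", udp_receive(REORDERED))
```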

While TCP may seem to always be the preferred Transport layer protocol, UDP has some advantages, such as the following:

  • Since UDP does not wait for any acknowledgment from the destination host, clients can send messages faster across the network to the destination devices. It is beneficial for application layer protocols that are time-sensitive such as Voice over IP (VoIP) and Video over IP solutions that are used in real time.
  • Low overhead on the network since no acknowledgment messages are returning to the sender.
  • UDP is commonly used with application layer protocols that do not depend on guaranteed delivery or require acknowledgments.
  • UDP is commonly used when applications have more efficient means of guaranteeing delivery of data and do not want the additional overhead TCP requires.

Once the Transport layer inserts its layer 4 header onto the datagram using TCP or UDP, it sends the segment down to the next layer on the OSI model. In the next section, we will learn about the role and functionality of the Network layer within the OSI model.

Network layer

The Network layer of the OSI model is responsible for ensuring the logical addressing information is inserted into the datagram. On a network, each device requires a unique Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) address that allows them to communicate with devices on their local and remote networks. The Network layer encapsulates a layer 3 header onto the datagram by inserting the source and destination IP addresses of the sender and destination host. Without inserting the source IP address onto the datagram, the recipient of the message will not be able to return any messages. Without including a destination IP address in the message, networking devices such as routers will not know how to forward the message to its intended destination. Once the PDU from the Transport layer is encapsulated with the layer 3 header, it is referred to as a Packet.

The following diagram shows a high-level overview of a client sending a message to a server:

Figure 1.17 – Packet header

As shown in the preceding diagram, the packet contains a source IP address of 192.168.1.10, which belongs to the client device, and a destination IP address of 192.168.1.100, which belongs to the web server.

Additionally, the Network layer is responsible for the routing services that occur on the network. Devices such as routers are considered to be layer 3 devices that can interconnect different networks and forward packets between networks using the information within the layer 3 header of the packet, such as the destination IP address. Between a sender and receiver, there may be multiple routers and paths, and each time a router on the network receives a packet, it checks the destination IP address within the layer 3 header of the packet and the routing table on the router to determine whether a valid route to the destination exists. Therefore, a sender must insert the accurate layer 3 addressing (IP addresses) onto the layer 3 header of the packet to ensure networking devices such as routers can forward the packet to the intended destination.

Important note

The source IPv4 address on a packet may change due to the Network Address Translation (NAT) operating on a router. We will discuss the processes and needs of using NAT later in this book.

Internet Protocol (IP) is a connectionless layer 3 protocol that does not establish any logical connection or session between the sender and receiver of the message. Being connectionless simply means the IP will not create a dedicated, logical end-to-end session/connection before sending any data between the source and destination hosts over a network. Therefore, if packets are lost or corrupted during the transmission process, the messages are not retransmitted. Additionally, being connectionless means the IP does not notify the intended recipient about any incoming data/messages from a sender.

As the IP is a connectionless layer 3 protocol, it uses its best effort when transmitting data between sender and receiver devices over a network. Since it does not establish any end-to-end connections, it is unreliable and does not provide any guarantee that the data will be delivered to the destination host. However, it provides low overhead on the network as a connectionless protocol. Lastly, the IP indicates in its header information whether the packet carries TCP, UDP, or another protocol for the Transport layer. For example, if the data requires connection-oriented delivery, the IP will indicate TCP.

Important note

The operation of the IP is independent of the type of medium being used to transmit the data, such as wired, wireless, or even fiber optics. The lower layers, such as the Data Link layer of the OSI model, are responsible for ensuring the packets are prepared for the type of medium before they’re placed on the actual network. The Maximum Transmission Unit (MTU) describes the maximum size of a message that can be supported by network media. The default MTU size is 1,500 bytes.

Once the Network layer encapsulates the datagram with a layer 3 header, it passes it down to the next layer of the OSI model, known as the Data Link layer.

Data Link layer

The Data Link layer of the OSI model is responsible for moving the datagrams from the upper layers onto the actual network. This layer handles the flow control regarding how much data is placed (outgoing) on the media, such as a wired, wireless, or fiber optics network medium. It also manages the flow control of incoming messages from the physical network that are going to the upper layers of the OSI model on a host device.

The Data Link layer ensures datagrams from the upper layers of the OSI model can access the network media. This is because the upper layers are not concerned about the media type that is used to transport the data over the actual network. Whether the Network layer creates an IPv4 or IPv6 packet, the Data Link layer encapsulates the packet with a layer 2 header and trailer, creating a frame. This frame is crafted by the Data Link layer to meet the requirements needed for it to be sent over the physical network media. Furthermore, the Data Link layer handles error detection to identify whether any incoming frames from the physical network are corrupted and discards them.

Within the Data Link layer, two sublayers assist with ensuring frames are encapsulated, de-encapsulated, and placed on the network:

  • Logical Link Control (LLC)
  • Media Access Control (MAC)

Over the next few subsections, you will learn about the functionality and roles of each of these sublayers within the Data Link layer of the OSI model.

Logical Link Control

Logical Link Control (LLC) is a sublayer within the Data Link layer of the OSI model and is responsible for ensuring there is communication between the networking applications, software, and protocols of the upper layers of the OSI model and the local host’s device hardware such as the Network Interface Card (NIC). The NIC is a physical hardware-based component that allows a device such as a computer or a smartphone to interact with a wired or wireless network. The LLC inserts information within the frame, which indicates the network layer protocol that is being used within the frame. Additionally, the LLC allows many layer 3 protocols such as IPv4 and IPv6 to use the same network media and device.

Media Access Control

The Media Access Control (MAC) sublayer of the Data Link layer is responsible for performing the data encapsulation process and controlling access to the network device such as the NIC and network media (wired, wireless, or fiber optic). The MAC sublayer is also responsible for inserting the layer 2 physical addressing information onto the layer 2 header of the frame before placing it on the actual network media. The physical layer 2 address information is used to transmit and deliver frames being exchanged on a shared network medium. This layer 2 physical address is commonly referred to as a MAC address or a Burned-In Address (BIA).

A MAC address is a 48-bit address that is embedded onto a NIC by the vendor of the device. The MAC address on a NIC is considered to be unchangeable as the vendor of the device hardcodes it into the firmware of the component, hence the name burned-in address. However, within the cybersecurity industry, the MAC address of a device can easily be changed by a threat actor or cybersecurity professional based on the use case.

The 48-bit (6-byte) binary MAC address is usually written in hexadecimal (ranges 0 – 9, A – F) so that one address can easily be told apart from another. The first 24 bits (3 bytes) of a MAC address are known as the Organizationally Unique Identifier (OUI) as it is assigned by the vendor of the device/NIC. The OUI portion of a MAC address can help both network and cybersecurity professionals determine the type/vendor of a device that is connected to a network. The last 24 bits (3 bytes) of the MAC address are uniquely addressed.

The following diagram shows an example of the OUI portion of a MAC address:

Figure 1.18 – The OUI portion of a MAC address

MAC addresses are usually presented a bit differently based on the vendor of the device or operating system. The following are examples of the same MAC address in different formats:

  • 0060.5c3d.d901: This format is usually used by Cisco systems
  • 00-60-5c-3d-d9-01: This format is commonly used on Microsoft Windows operating systems
  • 00:60:5c:3d:d9:01: This format is found on Linux-based systems

Important note

MAC addresses are not case-sensitive. However, you may notice they are commonly presented in a lowercase format, while some devices may display them in uppercase.

As an aspiring network professional, you can perform a MAC address vendor lookup by using any of the following websites and pasting the MAC address into the necessary field:

The following screenshot shows an example of the OUI lookup while using the Wireshark OUI Lookup Tool:

Figure 1.19 – OUI Lookup Tool

As shown in the preceding screenshot, the 00:60:5c code of the MAC address identifies the manufacturer of the device as Cisco Systems, Inc. This indicates that the device is most likely a networking device on the organization’s network.
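When the same device appears in switch output, Windows logs, and Linux tooling, its MAC address has to be normalized before entries can be compared or the OUI looked up. The following Python sketch is an added example, not code from the book: it accepts the three notations listed above, extracts the OUI, and goes one step beyond the text by reading the two flag bits in the first octet, where a set locally administered bit suggests the address is not a vendor burned-in address. The one-entry vendor table, the function names, and the second sample address are constructed for illustration.

```python
import re

# Constructed lookup table; its single entry is the result shown in the text.
OUI_TABLE = {"00:60:5c": "Cisco Systems, Inc."}

# One strict pattern per notation, so mixed separators are rejected.
NOTATIONS = (
    re.compile(r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}"),  # 0060.5c3d.d901
    re.compile(r"(?:[0-9a-f]{2}-){5}[0-9a-f]{2}"),   # 00-60-5c-3d-d9-01
    re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"),   # 00:60:5c:3d:d9:01
)


def normalize_mac(text: str) -> str:
    """Return lowercase colon notation; MAC addresses are not case-sensitive."""
    candidate = text.strip().lower()
    if not any(p.fullmatch(candidate) for p in NOTATIONS):
        raise ValueError(f"not a recognised 48-bit MAC address: {text!r}")
    digits = re.sub(r"[.:-]", "", candidate)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def describe_mac(text: str) -> dict:
    mac = normalize_mac(text)
    first_octet = int(mac[:2], 16)
    oui = mac[:8]  # first 24 bits
    return {
        "mac": mac,
        "oui": oui,
        "vendor": OUI_TABLE.get(oui, "unknown"),
        # 0x02 set: locally administered (manually set or randomized address).
        "locally_administered": bool(first_octet & 0x02),
        # 0x01 set: group (multicast/broadcast) address, not a single NIC.
        "group_address": bool(first_octet & 0x01),
    }


def same_device(a: str, b: str) -> bool:
    """Compare two inventory entries regardless of notation or case."""
    return normalize_mac(a) == normalize_mac(b)


if __name__ == "__main__":
    for sample in ("0060.5c3d.d901", "00-60-5C-3D-D9-01", "02:00:00:aa:bb:cc"):
        print(describe_mac(sample))
```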

Furthermore, the MAC sublayer handles error detection by inserting a trailer into the frame. The trailer of the frame contains the Frame Check Sequence (FCS), which includes the Cyclic Redundancy Check (CRC) value. The CRC is a one-way cryptographic, mathematical representation of the frame and its contents, which is calculated by using a process known as hashing. This helps systems validate the integrity of a message.

The following diagram shows a high-level overview of the layer 2 header and trailer of a frame:

Figure 1.20 – Frame

As shown in the preceding diagram, the frame is encapsulated with a layer 2 header that contains the source and destination MAC addresses, as well as the preamble, which is used to identify the start of the frame with sequencing and synchronization. The preamble helps the receiver of the message determine where the frame begins and how to reassemble the message in the correct order. This is because the messages may not be received in the same order they were sent on the network. Additionally, the trailer of the frame contains the FCS, which contains the CRC value for error detection.

The minimum supported frame size on a network is 64 bytes, while the maximum supported size is 1,518 bytes of all the contents, including the addressing headers, trailer, and data, excluding the preamble. Therefore, the data within a frame needs to be broken down into smaller blocks to support the acceptable frame sizes. In each of these blocks, data is assigned to the header and trailer to ensure they are delivered to the destination host over the network. The preamble of each of these blocks contains the sequencing details to help reassemble each block on the receiver device. These smaller blocks are commonly referred to as bits as they are placed on the network media in the Physical layer of the OSI model.
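The header, trailer, and size limits described above can be exercised in a few lines. The following Python sketch is an added example, not code from the book: it builds a frame with a layer 2 header and an FCS trailer, then runs the receiver-side checks that discard a frame with a bad size or a CRC mismatch. It assumes Ethernet II framing with an EtherType field and the standard CRC-32 (as computed by `zlib.crc32`); the function names and the destination address are constructed for illustration.

```python
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518  # sizes from the text, preamble excluded
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}  # layer 3 protocol carried


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def fcs_of(body: bytes) -> bytes:
    # CRC-32 over header + payload; computed with no key or secret.
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    payload = payload.ljust(46, b"\x00")  # pad up to the 64-byte minimum
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload
    frame = body + fcs_of(body)
    if len(frame) > MAX_FRAME:
        raise ValueError("payload too large for a single frame")
    return frame


def check_frame(frame: bytes) -> dict:
    """Receiver side: validate size and FCS, then expose the layer 2 header."""
    size_ok = MIN_FRAME <= len(frame) <= MAX_FRAME
    body, trailer = frame[:-4], frame[-4:]
    fcs_ok = size_ok and fcs_of(body) == trailer
    if not fcs_ok:
        return {"accepted": False, "size_ok": size_ok, "fcs_ok": False}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return {
        "accepted": True, "size_ok": True, "fcs_ok": True,
        "dst": ":".join(f"{b:02x}" for b in frame[0:6]),
        "src": ":".join(f"{b:02x}" for b in frame[6:12]),
        "l3_protocol": ETHERTYPES.get(ethertype, hex(ethertype)),
    }


if __name__ == "__main__":
    # Source MAC is the sample from the text; destination is constructed.
    good = build_frame("02:00:00:00:00:01", "00:60:5c:3d:d9:01", 0x0800, b"hello")
    damaged = bytearray(good)
    damaged[20] ^= 0x01  # one bit changed in transit
    print(check_frame(good))
    print(check_frame(bytes(damaged)))
```

Because computing the FCS involves no secret, a passing check shows the frame arrived undamaged; it says nothing about who sent it.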

Physical layer

When the Data Link layer places the small blocks of data (bits) onto the physical network media, they are converted into electrical signals that are sent through media such as fiber optic, cable, or the air. At the Physical layer, many organizations define various standards and frameworks that describe how data can travel over the network media types. The Physical layer is simply the electrical wires, media type, and even the connections such as ports and interfaces on a network. Each physical component on a network needs a set of rules on how to send and receive data over the physical network.

The following is a list of important organizations that govern how data can be sent over the physical network, how data can be encoded, and the signaling methods:

  • International Organization for Standardization (ISO)
  • Telecommunications Industry Association/Electronic Industries Association (TIA/EIA)
  • International Telecommunication Union (ITU)
  • American National Standards Institute (ANSI)
  • Institute of Electrical and Electronics Engineers (IEEE)
  • Federal Communication Commission (FCC)
  • European Telecommunications Standards Institute (ETSI)

The Physical layer of the OSI model addresses the following elements to ensure data can be sent over a network:

  • Physical components
  • Encoding
  • Signaling

The physical components are the hardware elements that you see on a network, such as the networking devices, the physical interfaces/ports on a device, the networking cables that are used to interconnect devices, and so on. Each hardware device, whether it’s the NIC on a computer or a switch, uses a set of standards to ensure devices can transmit messages over the network.

The encoding process is handled by the Data Link layer before the bits are placed onto the Physical layer on the network. The encoding process describes the processes or methods used by a device to convert a stream of messages, such as bits, into code. This code is used to represent patterns that are recognizable by both the sender and receiver devices over the network. Think of the encoding process as creating a mutual language that can be understood by two users or devices.

The signaling element of the Physical layer describes how the signals are created and placed on the physical network media by a sender device. The signals that are generated by the sender are electrical, wireless, or even optical (light), depending on the network media that is connected to a device. For example, a laptop connected to a wireless router will be converting the messages into a wireless signal before they are sent to the wireless router. A network device such as a switch may convert the messages into an electrical signal to place on a copper cable or into an optical signal (light) to place onto a fiber optic cable for transmission. These signals are usually represented using a 1 or 0 in the digital world; 1 may represent a high voltage on the wire while 0 may represent a low voltage on the wire.

With that, you have understood the fundamentals of the OSI model and how each layer plays a vital role in ensuring messages can be transmitted between a sender and receiver over a network. In the next section, we will learn about the TCP/IP protocol suite and how it compares to the OSI model.