The OSI model

The OSI model can be broken down into seven distinct layers, each of which plays a critical role in the exchange of data between devices on a network. Here is a more structured explanation of the OSI model, tailored for cyber security students:

  1. Physical Layer: This layer is responsible for the physical transmission of data over the network. It defines the electrical, mechanical, and functional specifications for the physical connection between devices, as well as the format of the data that is transmitted over the connection.

  2. Data Link Layer: This layer is responsible for the reliable transmission of data over the physical connection. It breaks the data into frames, adds a header to each frame that includes addressing information, and performs error detection and correction to ensure that the data arrives at its destination intact.

  3. Network Layer: This layer is responsible for the routing of data between devices on different networks. It uses logical addresses, such as IP addresses, to identify the source and destination of the data and determines the most efficient path for the data to travel over the network.

  4. Transport Layer: This layer is responsible for the reliable transfer of data between applications running on different devices. It provides end-to-end error recovery and flow control, ensuring that the data is delivered in the correct order and without errors.

  5. Session Layer: This layer is responsible for establishing and maintaining communication sessions between applications on different devices. It manages the session and ensures that the data is transmitted securely and efficiently.

  6. Presentation Layer: This layer is responsible for data representation and encryption. It translates data between different formats, such as ASCII and Unicode, and encrypts the data to ensure that it is protected from unauthorized access.

  7. Application Layer: This layer is responsible for providing network services to end-users. It includes applications such as web browsers, email clients, and file transfer utilities.

But this model is not practical enough in the real world!

The Internet Protocol Suite TCP/IP:


TCP/IP is the de facto protocol that modern networks use. Although you can think of
TCP/IP as a single protocol, it’s actually a combination of two protocols: the Transmission
Control Protocol (TCP) and the Internet Protocol (IP). These two protocols form part of the
Internet Protocol Suite (IPS), a conceptual model of how network protocols send network
traffic over the internet that breaks down network communication into four layers, as shown in Figure








The protocol stack for the IPS is made up of four layers, each with a different role:

 

1.    The Link layer is the lowest level and handles how information is transferred between nodes on a local network.

2.    The Internet layer handles how network nodes are addressed and uses the IP protocol to accomplish this.

3.    The Transport layer manages connections between clients and servers, including the correct ordering of data packets and supporting multiple services by assigning them to different ports.

4.    Finally, the Application layer contains various network protocols like HTTP, SMTP, and DNS, which enable different applications and services to communicate with each other.

 

 

Data Encapsulation:

 

Each layer in the IPS is built on the one below, and each layer is able to encapsulate the data from the layer above so it can move between the layers. Data transmitted by each layer is called a protocol data unit (PDU).

 

 

 

Headers, Footers, and Addresses:




The TCP header contains a source and destination port number ➊. These port numbers allow a single node to have multiple unique network connections. Port numbers for TCP (and UDP) range from 0 to 65535. Most port numbers are assigned as needed to new connections, but some numbers have been given special assignments, such as port 80 for HTTP. (You can find a current list of assigned port numbers in the /etc/services file on most Unix-like operating systems.) A TCP payload and header are commonly called a segment, whereas a UDP payload and header are commonly called a datagram.

The IP protocol uses a source and a destination address ➋. The destination address allows the data to be sent to a specific node on the network. The source address allows the receiver of the data to know which node sent the data and allows the receiver to reply to the sender.

IPv4 uses 32-bit addresses, which you’ll typically see written as four numbers separated by dots, such as 192.168.10.1. IPv6 uses 128-bit addresses, because 32-bit addresses aren’t sufficient for the number of nodes on modern networks. IPv6 addresses are usually written as hexadecimal numbers separated by colons, such as fe80:0000:0000:0000:897b:581e:44b0:2057. Long strings of 0000 numbers are collapsed into two colons. For example, the preceding IPv6 address can also be written as fe80::897b:581e:44b0:2057. An IP payload and header are commonly called a packet.

Ethernet also contains source and destination addresses ➌. Ethernet uses a 64-bit value called a Media Access Control (MAC) address, which is typically set during manufacture of the Ethernet adapter. You’ll usually see MAC addresses written as a series of hexadecimal numbers separated by dashes or colons, such as 0A-00-27-00-00-0E. The Ethernet payload, including the header and footer, is commonly referred to as a frame.
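
The encapsulation and addressing described above can be seen by peeling a captured frame apart layer by layer, which is what a packet analyzer or detection sensor does before it can match on addresses or ports. The following Python is an added example, not part of the original text; the frame is constructed, reusing the page's sample MAC and IPv4 address as the source, while the destination MAC, the address 192.168.10.2 and client port 49152 are assumed values.

```python
import ipaddress
import struct

def build_frame(payload: bytes) -> bytes:
    """Constructed sample frame: Ethernet II / IPv4 / TCP (checksums left as 0)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.168.10.1").packed,
                     ipaddress.IPv4Address("192.168.10.2").packed)
    # Destination MAC, source MAC, EtherType 0x0800 (IPv4). The footer (frame
    # check sequence) is omitted, as it is in most software packet captures.
    eth = bytes.fromhex("0a002700000f0a002700000e0800")
    return eth + ip + tcp

def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)

def decapsulate(frame: bytes) -> dict:
    """Peel frame -> packet -> segment and return the addresses at each layer."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac)}
    if ethertype != 0x0800:
        return out                      # not IPv4: stop at the link layer
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or not 20 <= ihl <= len(packet):
        raise ValueError("malformed IPv4 header")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if not ihl <= total_len <= len(packet):
        raise ValueError("IPv4 total length disagrees with captured bytes")
    out["src_ip"] = str(ipaddress.IPv4Address(packet[12:16]))
    out["dst_ip"] = str(ipaddress.IPv4Address(packet[16:20]))
    if packet[9] != 6:
        return out                      # not TCP: stop at the internet layer
    segment = packet[ihl:total_len]     # slicing by total_len drops link padding
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4
    if not 20 <= data_off <= len(segment):
        raise ValueError("malformed TCP data offset")
    out.update(src_port=src_port, dst_port=dst_port, payload=segment[data_off:])
    return out

if __name__ == "__main__":
    print(decapsulate(build_frame(b"GET / HTTP/1.1\r\n\r\n")))
```

The length checks matter in practice: a parser that trusts the header length, total length or data offset fields without comparing them to the bytes actually captured will misread truncated or deliberately malformed traffic.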