Network Basics: The OSI Model in Plain Language
TL;DR — Key Takeaways
- The OSI model is a 7-layer reference framework that describes how data travels from one application to another across a network — it is not software you install or a protocol you configure.
- The 7 layers of the OSI model are: Physical, Data Link, Network, Transport, Session, Presentation, and Application (bottom to top).
- Data flows down the layers on the sending side (encapsulation) and up the layers on the receiving side (decapsulation), picking up and stripping headers at each step.
- The TCP/IP model is what the internet actually runs on, but the OSI model remains the universal teaching and troubleshooting framework.
- Every major IT certification — CompTIA Network+, Security+, CCNA — tests your knowledge of the OSI model layers and how they map to real-world networking.
- Thinking in layers helps you isolate problems fast: is the cable bad (Layer 1)? Is the IP wrong (Layer 3)? Is the port blocked (Layer 4)?
If you have ever tried to figure out why a website will not load, why a file transfer stalls, or why two devices on the same network refuse to talk to each other, you have — whether you knew it or not — been troubleshooting across the layers of the OSI model. Is the cable plugged in? Does the device have an IP address? Is the right port open? Each of those questions targets a different layer.
The OSI model is not a piece of software, a protocol, or something you install. It is a mental map — a shared vocabulary that lets network engineers, security analysts, software developers, and help-desk technicians all talk about the same concepts in the same way. Every IT certification, from CompTIA Network+ to CCNA, tests it. Every vendor’s documentation references it. And once you understand it, troubleshooting network issues becomes dramatically more systematic.
In this guide, we will walk through all seven layers of the OSI model in plain language. Each layer gets a real-world analogy, the protocols and devices you will encounter there, and links to relevant tools and articles on this site so you can go deeper on any concept that interests you.
What Is the OSI Model?
The OSI model — short for Open Systems Interconnection model — is a conceptual framework created by the International Organization for Standardization (ISO) in 1984. Its formal specification is ISO/IEC 7498-1, and its purpose was straightforward: give the entire networking industry a common reference model so that products from different vendors could interoperate.
Before the OSI model existed, every vendor had its own proprietary networking stack. IBM had SNA, Novell had IPX/SPX, Apple had AppleTalk. Engineers trained on one system could not easily reason about another. The OSI model solved this by defining seven abstract layers, each responsible for a specific slice of the communication process. It standardized how we talk about networking, even if no real-world protocol suite maps to it perfectly.
Here is the critical distinction: the OSI model is a reference model, not a protocol. You will never install “OSI” on a server or configure an “OSI interface” on a router. Instead, you use the OSI model to classify the protocols and hardware you already work with — HTTP operates at Layer 7, TCP operates at Layer 4, Ethernet operates at Layer 2, and so on.
The 7 Layers of the OSI Model
The seven OSI model layers are numbered from the bottom up. Layer 1 is closest to the physical wire (or radio wave), and Layer 7 is closest to the user. A popular mnemonic to remember the layers from bottom to top is: “Please Do Not Throw Sausage Pizza Away” (Physical, Data Link, Network, Transport, Session, Presentation, Application).
Let us walk through each one.
Application Layer
The Application layer is where network-aware software interacts with the network. It is the layer you “touch” every time you open a web browser, send an email, or transfer a file. Importantly, the Application layer is not the application itself — it is the set of protocols that the application uses to communicate over the network.
Protocols: HTTP, HTTPS, FTP, SMTP, POP3, IMAP, DNS, SNMP, SSH, Telnet
When you would think about this layer: A user reports that a website shows a “502 Bad Gateway” error. The physical connection is fine, the IP is reachable, the port is open — but the application-layer protocol (HTTP) is returning an error. You might also investigate here if DNS resolution is failing, which prevents the browser from finding the server’s IP address in the first place.
Related tools: DNS Lookup • My IP Address • Port Number Reference
Presentation Layer
The Presentation layer is responsible for translating data between the format the application uses and the format the network requires. It handles three main tasks: data format translation (converting between character sets like ASCII and EBCDIC), encryption and decryption (TLS/SSL operates here conceptually), and compression (reducing the size of data before transmission).
Protocols and standards: TLS/SSL, JPEG, GIF, PNG, MPEG, ASCII, EBCDIC, encryption algorithms
When you would think about this layer: A user connects to a website and gets a certificate error. The HTTPS handshake — where the browser and server negotiate encryption — is failing at the Presentation layer. Or suppose two systems exchange data files but one interprets the characters incorrectly; that is a Presentation-layer encoding mismatch.
Session Layer
The Session layer establishes, maintains, and terminates communication sessions between two devices. Think of it as managing the “conversation”: it decides when to open a connection, keeps it alive as long as needed, and tears it down cleanly when finished. It also handles checkpointing — if a large file transfer fails partway through, the Session layer can resume from the last checkpoint rather than starting over.
Protocols: NetBIOS, RPC (Remote Procedure Call), PPTP, SIP
When you would think about this layer: A VPN tunnel keeps dropping and re-establishing. The session management — the logic that negotiates, maintains, and gracefully closes the connection — is a Session-layer concern. Similarly, if a file transfer application loses its connection but cannot resume where it left off, session management may be the culprit.
Transport Layer
The Transport layer is where reliability, flow control, and multiplexing happen. Its two dominant protocols are TCP (Transmission Control Protocol), which guarantees ordered, error-checked delivery, and UDP (User Datagram Protocol), which sacrifices reliability for speed. This layer also introduces port numbers — the mechanism that lets multiple applications share a single IP address. Web traffic defaults to port 443 (HTTPS), DNS uses port 53, and so on.
Protocols: TCP, UDP
Key concepts: Port numbers, segmentation, flow control, error recovery, three-way handshake (SYN, SYN-ACK, ACK)
When you would think about this layer: You can ping a server (Layer 3 works), but you cannot connect to the web application. A firewall might be blocking the destination port, or the service might not be listening. You would check with a tool like telnet 192.168.1.10 443 or Test-NetConnection to verify Layer 4 connectivity.
Related tools: Port Number Reference • Common Network Ports Explained • What Is a Firewall?
Network Layer
The Network layer is responsible for logical addressing and routing — getting packets from the source network to the destination network, even if they are on opposite sides of the planet. This is where IP addresses live. Routers are the defining device at Layer 3: they examine the destination IP address of each packet and decide which interface to forward it through.
Protocols: IPv4, IPv6, ICMP (ping, traceroute), ARP (sometimes classified here, sometimes at Layer 2), OSPF, BGP
Devices: Routers, Layer 3 switches
When you would think about this layer: A device cannot reach anything outside its own subnet. You check: does it have a valid IP address? Is it a public or private IP? Is the subnet mask correct? Is there a default gateway configured, and is the gateway reachable? These are all Layer 3 questions.
Related tools & articles: My IP Address • Subnet Calculator • Subnetting for Beginners • How to Troubleshoot Network Connectivity
Data Link Layer
The Data Link layer handles communication within a single network segment — the local neighborhood, not the cross-country journey. It uses MAC addresses (Media Access Control) to identify devices on the same physical or logical network. Switches are the quintessential Layer 2 device: they read the destination MAC address in each frame and forward it to the correct port.
This layer is divided into two sublayers: the LLC (Logical Link Control) sublayer, which interfaces with the Network layer above, and the MAC sublayer, which controls access to the physical medium.
Protocols and standards: Ethernet (IEEE 802.3), Wi-Fi (IEEE 802.11), PPP, ARP (also placed here by many references)
Devices: Switches, bridges, NICs (network interface cards)
When you would think about this layer: Two devices on the same switch cannot communicate. You check: are the MAC addresses correct? Is there a VLAN mismatch? Is the switch port in an error-disabled state? Is Spanning Tree blocking the port? All Layer 2 questions.
Related tools & articles: MAC Address Lookup • What Is a MAC Address?
Physical Layer
The Physical layer is the foundation of the OSI model. It deals with the actual transmission of raw bits — ones and zeros — over a physical medium. That medium could be a copper cable (Cat5e, Cat6), a fiber-optic strand, a wireless radio frequency, or even Bluetooth. This layer defines electrical voltages, signal timing, connector pin-outs (like RJ45), cable lengths, and modulation schemes.
Hardware: Cables (copper, fiber), hubs, repeaters, connectors (RJ45, LC, SC), wireless access point radios, patch panels
When you would think about this layer: A device has no network connectivity whatsoever — no link light on the NIC, no carrier signal detected. You check: is the cable plugged in? Is it damaged? Is the patch cable seated properly in the switch port? Is the wireless antenna functioning? These are the most fundamental, “have you tried turning it off and on” questions.
How Data Flows Through the OSI Model Layers
Understanding the individual layers is important, but the real power of the OSI model is seeing how they work together. When you send data across a network — loading a web page, for example — that data passes through all seven layers in a process called encapsulation.
Encapsulation (Sending Side)
On the sending device, your data starts at Layer 7 and moves downward. At each layer, the data gets wrapped in a new header (and sometimes a trailer) that contains the control information that layer needs. The OSI model gives each wrapped unit a specific name — its Protocol Data Unit (PDU):
| Layer | PDU Name | What Gets Added |
|---|---|---|
| Layer 7–5 | Data | Application-specific formatting, session info, encryption |
| Layer 4 | Segment / Datagram | Source & destination port numbers, sequence numbers |
| Layer 3 | Packet | Source & destination IP addresses, TTL |
| Layer 2 | Frame | Source & destination MAC addresses, error-checking (FCS) |
| Layer 1 | Bits | Converted to electrical signals, light pulses, or radio waves |
Decapsulation (Receiving Side)
At the receiving device, the process reverses. The Physical layer receives raw bits and passes them up. Each layer strips off its header, reads the control information, and hands the remaining payload to the layer above. By the time the data reaches Layer 7, it is back in its original form — ready for the application to use.
This layered approach is what makes modern networking modular. You can swap out the Physical layer (copper to fiber, wired to wireless) without touching anything at Layer 4 or above. You can change from IPv4 to IPv6 at Layer 3 without rewriting your web application at Layer 7. Each layer does its job and trusts the others to do theirs.
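The PDU table above, carried through in code as an added example (not part of the original article): application data is wrapped into a TCP segment, an IPv4 packet and an Ethernet frame, then unwrapped again on the receiving side. It assumes a simplified stack: the TCP and IP checksums are left at zero, there are no header options or frame padding, and the addresses and sequence number are constructed sample values.

```python
import socket
import struct
import zlib

ETH_IPV4, PROTO_TCP = 0x0800, 6  # EtherType for IPv4, IP protocol number for TCP

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def encapsulate(data, sport, dport, src_ip, dst_ip, src_mac, dst_mac, ttl=64):
    """Sending side: wrap Layer 5-7 data in a segment, a packet and a frame."""
    # Layer 4 segment: ports, sequence number, ack number, data offset and
    # flags (PSH+ACK), window, checksum (0 in this sketch), urgent pointer.
    segment = struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                          (5 << 12) | 0x18, 65535, 0, 0) + data
    # Layer 3 packet: version/IHL, total length, TTL, protocol, IP addresses.
    packet = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, ttl, PROTO_TCP, 0,
        socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + segment
    # Layer 2 frame: destination MAC, source MAC, EtherType, then a CRC-32
    # trailer (the polynomial Ethernet uses) standing in for the FCS.
    header = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_IPV4)
    body = header + packet
    return body + struct.pack("<I", zlib.crc32(body))

def decapsulate(frame):
    """Receiving side: strip one header per layer and record what each layer read."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("Layer 2: FCS mismatch, frame dropped")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", body[:14])
    if ethertype != ETH_IPV4:
        raise ValueError("Layer 2: payload is not IPv4")
    packet = body[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if proto != PROTO_TCP:
        raise ValueError("Layer 3: payload is not TCP")
    segment = packet[(ver_ihl & 0x0F) * 4:total_len]
    sport, dport, seq, _, off_flags, _, _, _ = struct.unpack(
        "!HHIIHHHH", segment[:20])
    return {
        "frame": {"src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac)},
        "packet": {"src_ip": socket.inet_ntoa(src),
                   "dst_ip": socket.inet_ntoa(dst), "ttl": ttl},
        "segment": {"sport": sport, "dport": dport, "seq": seq},
        "data": segment[(off_flags >> 12) * 4:],
    }

if __name__ == "__main__":
    # Constructed sample values: documentation IP ranges, locally administered MACs.
    frame = encapsulate(b"application data", 49152, 443, "192.0.2.10",
                        "198.51.100.7", "02:00:00:00:00:01", "02:00:00:00:00:02")
    print(len(frame), "bytes on the wire:", decapsulate(frame))
```

Flipping any byte of the frame before calling `decapsulate` makes the Layer 2 check fail first, which is why a corrupted frame never reaches the layers above it.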
OSI Model vs TCP/IP Model
If the OSI model is the theoretical framework, the TCP/IP model is the practical implementation. The internet runs on TCP/IP, not OSI. The TCP/IP model was developed by the U.S. Department of Defense in the 1970s — a full decade before the OSI model was published — and it consolidates the seven OSI layers into just four.
| OSI Model (7 Layers) | TCP/IP Model (4 Layers) | Key Protocols |
|---|---|---|
| 7 – Application | Application | HTTP, HTTPS, FTP, DNS, SMTP, SSH |
| 6 – Presentation | Application | TLS/SSL, JPEG, MPEG |
| 5 – Session | Application | NetBIOS, RPC, SIP |
| 4 – Transport | Transport | TCP, UDP |
| 3 – Network | Internet | IP, ICMP, ARP, OSPF, BGP |
| 2 – Data Link | Network Access (Link) | Ethernet, Wi-Fi, PPP |
| 1 – Physical | Network Access (Link) | Cables, connectors, signals |
So which one should you learn? Both. The TCP/IP model reflects how protocols are actually implemented. The OSI model provides finer granularity that is invaluable for troubleshooting and for certification exams. When someone says “that is a Layer 2 issue,” they are speaking OSI. When someone says “the application layer handles that,” they might be speaking either model — context tells you which.
The practical difference comes down to this: the TCP/IP model merges Layers 5, 6, and 7 into a single “Application” layer, and Layers 1 and 2 into a single “Network Access” layer. The TCP/IP model does not care whether your problem is specifically session management (Layer 5) versus encryption (Layer 6) — the OSI model does, and that extra specificity helps when you are narrowing down a root cause.
Why the OSI Model Still Matters
You might wonder: if the internet runs on TCP/IP, why bother learning a 40-year-old reference model? The answer is that the OSI model has become something far more useful than a protocol specification — it has become a common language.
- Troubleshooting: When a network issue occurs, thinking in layers lets you systematically isolate the problem. Instead of randomly trying fixes, you start at Layer 1 and work up (or start at Layer 7 and work down), ruling out each layer until you find the culprit. Our network troubleshooting guide uses this exact approach.
- Certification exams: CompTIA Network+, CompTIA Security+, Cisco CCNA, and virtually every other networking certification test your understanding of the OSI model. It is not optional material — it is foundational.
- Vendor documentation: Firewall vendors, switch manufacturers, and cloud providers all reference OSI layers in their documentation. A firewall admin guide might say “this feature operates at Layers 3 through 7” — if you do not know the OSI model, that sentence is meaningless.
- Cross-discipline communication: A developer, a network engineer, and a security analyst can all use OSI layer numbers as shorthand. “The problem is at Layer 4” instantly narrows the conversation to transport-layer issues like port connectivity and TCP handshakes.
Troubleshooting with the OSI Model
Let us put the OSI model to work with a practical example. A user reports: “I cannot load a website.” Here is how you would systematically troubleshoot using the OSI model layers, working from the bottom up:
Layer 1 — Physical: Is the Ethernet cable plugged in? Is the Wi-Fi adapter enabled? Is there a link light on the NIC and on the switch port?
Layer 2 — Data Link: Does the NIC have a valid MAC address? Is the link light steady (not just blinking error patterns)? Can other devices on the same switch communicate?
Layer 3 — Network: Does the device have a valid IP address (not an APIPA 169.254.x.x address)? Is the subnet mask correct? Can you ping the default gateway? Can you ping an external IP like 8.8.8.8?
Layer 4 — Transport: Can you connect to the destination on port 443? Run telnet example.com 443 or Test-NetConnection example.com -Port 443. If this fails, a firewall may be blocking the port.
Layer 7 — Application: Is DNS resolving the domain name? Try nslookup example.com. If DNS works but the site still will not load, the issue may be with the web server itself, a misconfigured certificate (Presentation layer), or an application error.
This bottom-up approach is the most efficient way to troubleshoot because each layer depends on the ones below it. There is no point checking DNS (Layer 7) if the device does not have an IP address (Layer 3). There is no point checking the IP address if the cable is unplugged (Layer 1). For a complete walkthrough, see our guide on how to troubleshoot network connectivity.
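The bottom-up procedure above as a script, added here as an example (not part of the original article). It covers only the steps reachable from a socket API (Layers 3, 4 and 7) and stops at the first failing layer; the function names and the local address 192.168.1.25 are assumptions made for illustration.

```python
import ipaddress
import socket

def check_layer3(local_ip):
    """Layer 3: a usable address, not the APIPA 169.254.x.x fallback."""
    addr = ipaddress.ip_address(local_ip)
    if addr.is_link_local:
        return False, f"{addr} is APIPA/link-local, so no DHCP lease was obtained"
    if addr.is_unspecified:
        return False, "no IP address assigned"
    return True, f"{addr} looks valid"

def check_layer4(ip, port, timeout=3.0):
    """Layer 4: complete a TCP three-way handshake, like telnet <ip> 443.
    Taking an IP rather than a name keeps DNS failures out of this result."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True, f"TCP {port} open on {ip}"
    except ConnectionRefusedError:
        return False, f"TCP {port} refused: host answers but nothing is listening"
    except socket.timeout:
        return False, f"TCP {port} timed out: a firewall may be dropping the SYN"
    except OSError as exc:
        return False, f"TCP {port} failed: {exc}"

def check_layer7_dns(name):
    """Layer 7: resolve the name, like nslookup example.com."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror as exc:
        return False, f"DNS lookup for {name} failed: {exc}"
    return True, f"{name} resolves to {infos[0][4][0]}"

def diagnose(checks):
    """Run (layer, check) pairs bottom-up and stop at the first failure,
    because every higher layer depends on the one that just failed."""
    report = []
    for layer, check in checks:
        ok, detail = check()
        report.append((layer, ok, detail))
        if not ok:
            return layer, report
    return None, report

if __name__ == "__main__":
    # Constructed inputs: 192.168.1.25 is a sample local address (read yours
    # from ipconfig / ip addr); 192.168.1.10:443 and example.com are the
    # targets used in the article's own commands.
    failed, report = diagnose([
        (3, lambda: check_layer3("192.168.1.25")),
        (4, lambda: check_layer4("192.168.1.10", 443)),
        (7, lambda: check_layer7_dns("example.com")),
    ])
    for layer, ok, detail in report:
        print(f"Layer {layer}: {'OK  ' if ok else 'FAIL'} {detail}")
    print("first failing layer:", failed)
```

A refused connection and a timeout are reported separately because they point to different causes: a refusal means the host answered, while a timeout is what a silently dropping firewall looks like.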
Quick Reference: OSI Layers and Common Troubleshooting Commands
| Layer | Check | Command / Action |
|---|---|---|
| 1 – Physical | Link status | Check cable, link lights; ethtool eth0 (Linux) |
| 2 – Data Link | MAC / ARP | arp -a, ip neighbor (Linux) |
| 3 – Network | IP & routing | ping 8.8.8.8, tracert / traceroute, ipconfig / ip addr |
| 4 – Transport | Port connectivity | telnet host 443, Test-NetConnection -Port 443, netstat -an |
| 7 – Application | DNS & HTTP | nslookup, dig, curl -I https://example.com |
Frequently Asked Questions
What is the OSI model used for?
The OSI model is used as a universal reference framework for understanding and troubleshooting network communications. It provides a common vocabulary that lets engineers, developers, and support staff describe where a problem is occurring (for example, “this is a Layer 3 issue”). It is also heavily tested in IT certification exams and referenced throughout vendor documentation. While you never “install” the OSI model, you use it constantly to reason about how protocols, devices, and data flows interact.
How many layers does the OSI model have?
The OSI model has seven layers. From bottom to top they are: Physical (Layer 1), Data Link (Layer 2), Network (Layer 3), Transport (Layer 4), Session (Layer 5), Presentation (Layer 6), and Application (Layer 7). A common mnemonic to remember the order is “Please Do Not Throw Sausage Pizza Away.”
What is the difference between the OSI model and TCP/IP model?
The OSI model has seven layers and is a theoretical reference framework. The TCP/IP model has four layers and is the practical protocol suite the internet actually runs on. The TCP/IP model combines OSI Layers 5, 6, and 7 into a single Application layer and merges Layers 1 and 2 into a Network Access layer. The OSI model is better for teaching and troubleshooting because of its finer granularity; the TCP/IP model reflects real-world protocol implementation.
Which OSI layer does a router operate at?
Routers operate at Layer 3 (the Network layer). They make forwarding decisions based on destination IP addresses. When a packet arrives, the router examines the Layer 3 header, consults its routing table, and sends the packet out the appropriate interface toward its destination. Some modern routers also perform functions at higher layers (such as deep packet inspection at Layer 7), but their defining role is Layer 3 routing.
Which OSI layer do switches operate at?
Traditional network switches operate at Layer 2 (the Data Link layer). They read the destination MAC address in each Ethernet frame and forward it to the correct physical port. However, Layer 3 switches also exist — these combine switching and routing capabilities, making forwarding decisions based on both MAC addresses and IP addresses.
Do I need to memorize the OSI model?
If you are pursuing any IT career or certification, yes. The OSI model is tested on CompTIA Network+, CompTIA Security+, Cisco CCNA, and many other exams. Beyond exams, knowing the layers by heart makes you a faster troubleshooter and a more effective communicator with other technical professionals. Use the mnemonic “Please Do Not Throw Sausage Pizza Away” to remember the seven layers from bottom to top.
References
- ISO/IEC 7498-1:1994 — Information technology — Open Systems Interconnection — Basic Reference Model: The Basic Model — iso.org
- Cisco Networking Academy — Introduction to Networks: OSI and TCP/IP Models — netacad.com
- CompTIA Network+ Certification Study Guide — OSI Model Objectives — comptia.org
- Cloudflare Learning Center — What Is the OSI Model? — cloudflare.com
- Professor Messer — CompTIA Network+ Training Course: OSI Model — professormesser.com