- The OSI model is a 7-layer reference framework that describes how data travels between applications across a network. It is not software you install or a protocol you configure.
- The seven layers, bottom to top: Physical, Data Link, Network, Transport, Session, Presentation, and Application. Mnemonic: Please Do Not Throw Sausage Pizza Away.
- Data flows down the layers when sending (encapsulation) and up the layers when receiving (decapsulation). Each layer adds or strips its own header.
- The internet runs on the TCP/IP model, but the OSI model remains the universal teaching and troubleshooting framework.
- Every major certification tests it. CompTIA Network+ (N10-009), Security+, and Cisco CCNA (200-301) all include OSI model objectives.
- Thinking in layers isolates problems fast. Bad cable? Layer 1. Wrong IP? Layer 3. Blocked port? Layer 4.
Ever tried to figure out why a website will not load? Or why two devices on the same network refuse to talk? You were troubleshooting across the layers of the OSI model, whether you knew it or not. Is the cable plugged in? Does the device have an IP address? Is the right port open? Each question targets a different layer.
The OSI model is not software, a protocol, or something you install. It is a mental map. It gives network engineers, security analysts, developers, and help-desk technicians one shared vocabulary. Every IT certification tests it. Every vendor’s documentation references it. Once you understand it, troubleshooting becomes systematic instead of random.
This guide walks through all seven layers in plain language. Each layer gets a real-world analogy, its key protocols and devices, and links to related tools on this site.
What Is the OSI Model?
The OSI model is a seven-layer framework, published by ISO as ISO/IEC 7498-1, that standardizes how network communication is described. It is a reference model, not a protocol. Engineers use it to classify protocols, hardware, and troubleshooting steps by layer.
OSI stands for Open Systems Interconnection. The International Organization for Standardization (ISO) published the model in 1984. Its goal was simple. Give the entire networking industry one common reference so products from different vendors could interoperate.
Before the OSI model, every vendor had its own proprietary networking stack. IBM had SNA. Novell had IPX/SPX. Apple had AppleTalk. Engineers trained on one system could not easily reason about another. The OSI model solved this by defining seven abstract layers. Each layer owns a specific slice of the communication process. The model standardized how we talk about networking, even though no real protocol suite maps to it perfectly.
Here is the critical distinction. The OSI model is a reference model, not a protocol. You will never install “OSI” on a server or configure an “OSI interface” on a router. Instead, you use the model to classify the protocols and hardware you already work with. HTTP operates at Layer 7. TCP operates at Layer 4. Ethernet operates at Layer 2.
The 7 Layers of the OSI Model
The seven layers, from bottom to top, are Physical, Data Link, Network, Transport, Session, Presentation, and Application. The mnemonic Please Do Not Throw Sausage Pizza Away keeps them in order. Each layer handles one specific slice of the communication process.
The layers are numbered from the bottom up. Layer 1 sits closest to the physical wire or radio wave. Layer 7 sits closest to the user. Let’s walk through each one, starting from the top.
Application Layer
The Application layer is where network-aware software interacts with the network. You “touch” this layer every time you open a browser, send an email, or transfer a file. One important nuance: the Application layer is not the application itself. It is the set of protocols the application uses to communicate over the network.
Protocols: HTTP, HTTPS, FTP, SMTP, POP3, IMAP, DNS, SNMP, SSH, Telnet
When you think about this layer: A user reports a “502 Bad Gateway” error. The connection is fine, the IP is reachable, and the port is open. The application-layer protocol (HTTP) itself is returning the error. You would also look here if DNS resolution fails, since the browser cannot find the server’s IP without it.
Related tools: DNS Lookup • My IP Address • Port Number Reference
Presentation Layer
The Presentation layer translates data between the format the application uses and the format the network requires. It handles three main jobs. Format translation converts between character sets like ASCII and EBCDIC. Encryption and decryption happen here conceptually, which is where TLS/SSL is usually placed. Compression shrinks data before transmission.
Protocols and standards: TLS/SSL, JPEG, GIF, PNG, MPEG, ASCII, EBCDIC
When you think about this layer: A user connects to a website and gets a certificate error. The HTTPS handshake, where browser and server negotiate encryption, is failing at the Presentation layer. Encoding mismatches between systems are also Presentation-layer problems.
Session Layer
The Session layer establishes, maintains, and terminates communication sessions between two devices. Think of it as managing the conversation. It opens the connection, keeps it alive as long as needed, and tears it down cleanly. It also handles checkpointing. If a large transfer fails partway through, the session can resume from the last checkpoint instead of starting over.
Protocols: NetBIOS, RPC (Remote Procedure Call), PPTP, SIP
When you think about this layer: A VPN tunnel keeps dropping and re-establishing. The logic that negotiates, maintains, and closes the connection is a Session-layer concern. A file transfer that cannot resume after a disconnect points here too.
Transport Layer
The Transport layer handles reliability, flow control, and multiplexing. Its two dominant protocols split the work. TCP guarantees ordered, error-checked delivery. UDP trades reliability for speed. This layer also introduces port numbers, the mechanism that lets many applications share one IP address. Web traffic defaults to port 443 (HTTPS). DNS uses port 53.
Protocols: TCP, UDP
Key concepts: Port numbers, segmentation, flow control, error recovery, the three-way handshake (SYN, SYN-ACK, ACK)
When you think about this layer: You can ping a server, so Layer 3 works. But you cannot connect to the web application. A firewall may be blocking the port, or the service may not be listening. Verify with telnet 192.168.1.10 443 or Test-NetConnection.
Related tools: Port Number Reference • Common Network Ports Explained • What Is a Firewall?
Network Layer
The Network layer owns logical addressing and routing. Its job is moving packets from the source network to the destination network, even across the planet. IP addresses live here. Routers are the defining Layer 3 device. They read each packet’s destination IP and choose the right outgoing interface.
Protocols: IPv4, IPv6, ICMP (ping, traceroute), OSPF, BGP. ARP is sometimes classified here and sometimes at Layer 2.
Devices: Routers, Layer 3 switches
When you think about this layer: A device cannot reach anything outside its own subnet. Check the basics. Does it have a valid IP address? Is it a public or private IP? Is the subnet mask correct? Is the default gateway configured and reachable? All Layer 3 questions.
Related tools & articles: My IP Address • Subnet Calculator • Subnetting for Beginners • How to Troubleshoot Network Connectivity
Data Link Layer
The Data Link layer handles communication within a single network segment. It covers the local neighborhood, not the cross-country journey. Devices on the same segment identify each other by MAC address. Switches are the quintessential Layer 2 device. They read the destination MAC in each frame and forward it to the correct port.
This layer splits into two sublayers. The LLC (Logical Link Control) sublayer interfaces with the Network layer above. The MAC sublayer controls access to the physical medium.
Protocols and standards: Ethernet (IEEE 802.3), Wi-Fi (IEEE 802.11), PPP. Many references place ARP here.
Devices: Switches, bridges, NICs (network interface cards)
When you think about this layer: Two devices on the same switch cannot communicate. Are the MAC addresses correct? Is there a VLAN mismatch? Is the switch port error-disabled? Is Spanning Tree blocking the port? All Layer 2 questions.
Related tools & articles: MAC Address Lookup • What Is a MAC Address?
Physical Layer
The Physical layer is the foundation. It transmits raw bits, the ones and zeros, over a physical medium. That medium could be copper cable (Cat5e, Cat6), fiber optic, wireless radio, or Bluetooth. This layer defines voltages, signal timing, connector pin-outs like RJ45, cable lengths, and modulation schemes.
Hardware: Cables (copper, fiber), hubs, repeaters, connectors (RJ45, LC, SC), access point radios, patch panels
When you think about this layer: A device has no connectivity at all. No link light on the NIC. No carrier signal. Is the cable plugged in? Is it damaged? Is the patch cable seated in the switch port? These are the most fundamental checks of all.
How Data Flows Through the OSI Model Layers
Data moves down the seven layers on the sending device and up the layers on the receiver. Each layer adds a header on the way down (encapsulation) and strips it on the way up (decapsulation). The wrapped unit at each layer is called its Protocol Data Unit.
Understanding individual layers matters. Seeing how they work together is where the model earns its keep. When you load a web page, your request passes through all seven layers in a process called encapsulation.
Encapsulation (Sending Side)
On the sending device, data starts at Layer 7 and moves downward. Each layer wraps the data in a new header, and sometimes a trailer, carrying that layer’s control information. The wrapped unit at each stage has a formal name. That name is its Protocol Data Unit (PDU).
| Layer | PDU Name | What Gets Added |
|---|---|---|
| Layer 7–5 | Data | Application formatting, session info, encryption |
| Layer 4 | Segment / Datagram | Source & destination port numbers, sequence numbers |
| Layer 3 | Packet | Source & destination IP addresses, TTL |
| Layer 2 | Frame | Source & destination MAC addresses, error-checking (FCS) |
| Layer 1 | Bits | Converted to electrical signals, light pulses, or radio waves |
Decapsulation (Receiving Side)
At the receiving device, the process reverses. The Physical layer receives raw bits and passes them up. Each layer strips its header, reads the control information, and hands the payload to the layer above. By Layer 7, the data is back in its original form and ready for the application.
This layered design is what makes modern networking modular. You can swap the Physical layer, copper to fiber or wired to wireless, without touching Layer 4. You can move from IPv4 to IPv6 at Layer 3 without rewriting your web application at Layer 7. Each layer does its job and trusts the others to do theirs.
OSI Model vs TCP/IP Model
The OSI model has seven layers and serves as the teaching and troubleshooting reference. The TCP/IP model has four layers and reflects how the internet actually works. TCP/IP merges OSI Layers 5 through 7 into one Application layer and Layers 1 and 2 into Network Access.
If the OSI model is the theory, the TCP/IP model is the practice. The internet runs on TCP/IP, not OSI. The U.S. Department of Defense developed the TCP/IP suite in the 1970s, a full decade before the OSI model was published. Its model consolidates the seven OSI layers into four.
| OSI Model (7 Layers) | TCP/IP Model (4 Layers) | Key Protocols |
|---|---|---|
| 7 – Application | Application | HTTP, HTTPS, FTP, DNS, SMTP, SSH |
| 6 – Presentation | TLS/SSL, JPEG, MPEG | |
| 5 – Session | NetBIOS, RPC, SIP | |
| 4 – Transport | Transport | TCP, UDP |
| 3 – Network | Internet | IP, ICMP, ARP, OSPF, BGP |
| 2 – Data Link | Network Access (Link) | Ethernet, Wi-Fi, PPP |
| 1 – Physical | Cables, connectors, signals |
Which one should you learn? Both. The TCP/IP model reflects how protocols are actually implemented. The OSI model offers finer granularity, which pays off in troubleshooting and on certification exams. When someone says “that is a Layer 2 issue,” they are speaking OSI.
The practical difference comes down to lumping versus splitting. TCP/IP merges Layers 5, 6, and 7 into one Application layer. It also merges Layers 1 and 2 into Network Access. TCP/IP does not care whether your problem is session management (Layer 5) or encryption (Layer 6). The OSI model does. That extra specificity helps when you are narrowing a root cause.
Why the OSI Model Still Matters
The OSI model survives because it is a shared vocabulary. It structures troubleshooting, anchors certification exams like CompTIA Network+ (N10-009) and Cisco CCNA (200-301), and appears throughout vendor documentation. Layer numbers give technical teams instant shorthand for locating problems.
Fair question: if the internet runs on TCP/IP, why learn a 40-year-old reference model? Because the OSI model became something more useful than a protocol specification. It became a common language.
- Troubleshooting. Thinking in layers lets you isolate problems systematically. Start at Layer 1 and work up, or start at Layer 7 and work down. Rule out each layer until you find the culprit. Our network troubleshooting guide uses this exact approach.
- Certification exams. CompTIA Network+ (N10-009), CompTIA Security+, and Cisco CCNA (200-301) all test the OSI model. It is foundational material, not optional.
- Vendor documentation. Firewall vendors, switch manufacturers, and cloud providers all reference OSI layers. A firewall admin guide might say “this feature operates at Layers 3 through 7.” Without the model, that sentence is meaningless.
- Cross-discipline communication. A developer, a network engineer, and a security analyst can all use layer numbers as shorthand. “The problem is at Layer 4” instantly narrows the conversation to ports and TCP handshakes.
Layer 8: The Human Layer
Spend time around network engineers and you will hear someone blame “a Layer 8 issue.” The OSI model officially stops at seven. Layer 8 is an in-joke for the user sitting at the keyboard.
It is the polite way to say the problem was human error. A mistyped password or an unplugged cable the user swears they never touched. Related shorthand includes PEBKAC, “problem exists between keyboard and chair.”
The joke extends upward too. Some teams call Layer 9 the organization or politics, and Layer 10 government or legal compliance. Security writer Bruce Schneier popularized that framing. There is a serious point underneath. The user layer is the favorite target of social engineering, phishing, and pretexting attacks. No firewall rule patches a person who clicks the wrong link.
Troubleshooting with the OSI Model
Work from Layer 1 upward. Check the cable and link lights first. Then verify MAC and ARP, then IP addressing and the gateway. Finish with port connectivity, then DNS and the application. Each layer depends on the layers below it, so the order matters.
Let’s put the model to work. A user reports: “I cannot load a website.” Here is the systematic bottom-up walkthrough.
Layer 1 — Physical: Is the Ethernet cable plugged in? Is the Wi-Fi adapter enabled? Is there a link light on the NIC and the switch port?
Layer 2 — Data Link: Does the NIC have a valid MAC address? Can other devices on the same switch communicate?
Layer 3 — Network: Does the device have a valid IP address, not an APIPA 169.254.x.x address? Is the subnet mask correct? Can you ping the default gateway? Can you ping an external IP like 8.8.8.8?
Layer 4 — Transport: Can you connect to the destination on port 443? Run telnet example.com 443 or Test-NetConnection example.com -Port 443. If this fails, a firewall may be blocking the port.
Layer 7 — Application: Is DNS resolving the name? Try nslookup example.com. If DNS works and the site still fails, suspect the web server or an application error. A bad certificate (Presentation layer) is another common culprit.
The bottom-up approach is efficient because each layer depends on the ones below it. There is no point checking DNS if the device has no IP address. There is no point checking the IP if the cable is unplugged. For the complete walkthrough, see how to troubleshoot network connectivity.
Quick Reference: OSI Layers and Common Troubleshooting Commands
| Layer | Check | Command / Action |
|---|---|---|
| 1 – Physical | Link status | Check cable, link lights; ethtool eth0 (Linux) |
| 2 – Data Link | MAC / ARP | arp -a, ip neighbor (Linux) |
| 3 – Network | IP & routing | ping 8.8.8.8, tracert / traceroute, ipconfig / ip addr |
| 4 – Transport | Port connectivity | telnet host 443, Test-NetConnection -Port 443, netstat -an |
| 7 – Application | DNS & HTTP | nslookup, dig, curl -I https://example.com |
Related Tools & Resources
NetworkCheckr pairs this guide with free tools at nearly every layer. Use the Subnet Calculator and My IP Address tool for Layer 3. Reach for the Port Number Reference at Layer 4 and the DNS Lookup at Layer 7. All run in your browser.
- Subnet Calculator — work out masks, ranges, and host counts at Layer 3.
- My IP Address — see your public IP and connection details instantly.
- MAC Address Lookup — identify the vendor behind any Layer 2 address.
- Port Number Reference — the Layer 4 port catalog, searchable.
- DNS Lookup — query any record type at Layer 7.
- DNS Records Explained — the companion guide to every common record type.
- How to Troubleshoot Network Connectivity — the layer-by-layer method in full.
- All NetworkCheckr Tools — the complete collection of free utilities.
Frequently Asked Questions
Six questions cover the essentials. What the OSI model is used for. How many layers it has. How it differs from the TCP/IP model. Which layers routers and switches operate at. And whether you actually need to memorize it for your career.
What is the OSI model used for?
The OSI model is a universal reference framework for understanding and troubleshooting network communication. It gives engineers, developers, and support staff a shared vocabulary for describing where a problem occurs. Saying “this is a Layer 3 issue” instantly narrows the search. The model is also tested on every major IT certification and referenced throughout vendor documentation.
How many layers does the OSI model have?
The OSI model has seven layers. From bottom to top they are Physical, Data Link, Network, Transport, Session, Presentation, and Application. A common mnemonic for the order is Please Do Not Throw Sausage Pizza Away.
What is the difference between the OSI model and TCP/IP model?
The OSI model has seven layers and is a theoretical reference framework. The TCP/IP model has four layers and reflects the protocol suite the internet actually runs on. TCP/IP combines OSI Layers 5, 6, and 7 into a single Application layer. It also merges Layers 1 and 2 into a Network Access layer. The OSI model offers finer granularity for teaching and troubleshooting.
Which OSI layer does a router operate at?
Routers operate at Layer 3, the Network layer. They make forwarding decisions based on destination IP addresses. The router examines the Layer 3 header, consults its routing table, and forwards the packet toward its destination. Some modern routers also inspect traffic at higher layers. Their defining role remains Layer 3 routing.
Which OSI layer do switches operate at?
Traditional switches operate at Layer 2, the Data Link layer. They read the destination MAC address in each Ethernet frame and forward it to the correct port. Layer 3 switches also exist. Those combine switching with routing and make decisions using both MAC and IP addresses.
Do I need to memorize the OSI model?
Yes, if you are pursuing an IT career or certification. The OSI model appears on CompTIA Network+ (N10-009), CompTIA Security+, Cisco CCNA (200-301), and many other exams. Knowing the layers also makes you a faster troubleshooter and a clearer communicator. Use the mnemonic Please Do Not Throw Sausage Pizza Away.