Seven Layers Of OSI Reference Model

OSI sounds like the name of a top-secret government agency you hear about only in Tom Clancy novels. What it really stands for in the networking world is Open Systems Interconnection, as in the Open Systems Interconnection Reference Model, affectionately known as the OSI model.

The OSI model breaks the various aspects of a computer network into seven distinct layers. These layers are kind of like the layers of an onion: Each successive layer envelops the layer beneath it, hiding its details from the levels above.

The OSI model is also like an onion in that if you start to peel it apart to have a look inside, you’re bound to shed a few tears. The OSI model is not a networking standard in the same sense that Ethernet and Token Ring are networking standards.

Rather, the OSI model is a framework into which the various networking standards can fit. The OSI model specifies what aspects of a network’s operation can be addressed by various network standards. So, in a sense, the OSI model is sort of a standard of standards. The table below summarizes the seven layers of the OSI model.

| Layer | Name | Description |
|-------|------|-------------|
| 1 | Physical | Governs the layout of cables and devices such as repeaters and hubs. |
| 2 | Data Link | Provides MAC addresses to uniquely identify network nodes and a means for data to be sent over the Physical layer in the form of packets. Bridges and switches are layer 2 devices. |
| 3 | Network | Handles routing of data across network segments. |
| 4 | Transport | Provides for reliable delivery of packets. |
| 5 | Session | Establishes sessions between network applications. |
| 6 | Presentation | Converts data so that systems that use different data formats can exchange information. |
| 7 | Application | Allows applications to request network services. |

The first three layers are sometimes called the lower layers. They deal with the mechanics of how information is sent from one computer to another over a network. Layers 4 through 7 are sometimes called the upper layers.

They deal with how applications programs relate to the network through application programming interfaces. The following sections describe each of these layers in greater detail. The seven layers of the OSI model are a somewhat idealized view of how networking protocols should work.

In the real world, actual networking protocols don’t follow the OSI model to the letter. The real world is always messier than we’d like. Still, the OSI model provides a convenient — if not completely accurate — conceptual picture of how networking works.

1. Physical Layer

The bottom layer of the OSI model is the Physical layer. It addresses the physical characteristics of the network, such as the types of cables used to connect devices, the types of connectors used, how long the cables can be, and so on.

For example, the Ethernet standard for 10BaseT cable specifies the electrical characteristics of the twisted-pair cables, the size and shape of the connectors, the maximum length of the cables, and so on.

The star, bus, ring, and mesh network topologies apply to the Physical layer. Another aspect of the Physical layer is the electrical characteristics of the signals used to transmit data over the cables from one network node to another.

The Physical layer doesn’t define any meaning to those signals other than the basic binary values of zero and one. The higher levels of the OSI model must assign meanings to the bits that are transmitted at the Physical layer. One type of Physical layer device commonly used in networks is a repeater.

A repeater is used to regenerate the signal whenever you need to exceed the cable length allowed by the Physical layer standard. 10BaseT hubs are also Physical layer devices. Technically, they’re known as multiport repeaters because the purpose of a hub is to regenerate every packet received on any port on all of the hub’s other ports.

Repeaters and hubs don’t examine the contents of the packets that they regenerate. If they did, they would be working at the Data Link layer, and not at the Physical layer. The network adapter (also called a network interface card or NIC) that’s installed in each computer on the network is a Physical layer device.

You can display information about the network adapter (or adapters) installed in a Windows computer by displaying the adapter’s Properties dialog box.

Figure 1: Displaying properties for a network adapter.

To access this dialog box in Windows 2000 or XP, open the Control Panel and double-click the System icon, click the Hardware tab, and then click the Device Manager button. A list of all the devices on the computer appears. Double-click the network adapter to see its Properties dialog box.

2. Data Link Layer

The Data Link layer is the lowest layer at which meaning is assigned to the bits that are transmitted over the network. Data link protocols address things such as the size of each packet of data to be sent, a means of addressing each packet so that it’s delivered to the intended recipient, and a way to ensure that two or more nodes don’t try to transmit data on the network at the same time.

The Data Link layer also provides basic error detection and correction to ensure that the data sent is the same as the data received. If an uncorrectable error occurs, the data link standard must specify how the node is to be informed of the error so that it can retransmit the data.

At the Data Link layer, each device on the network has an address known as the Media Access Control Address, or MAC address. This address is actually hard-wired into every network device by the manufacturer. MAC addresses are unique; no two network devices made by any manufacturer anywhere in the world can have the same MAC address.

You can see the MAC address for a computer’s network adapter by opening a command window and running the ipconfig /all command, as shown below.

Figure 2: Displaying the MAC address of your network adapter.

In this example, the MAC address of the network card is 00-06-25-AE-BA-F4. (The ipconfig command refers to the MAC address as the physical address.)

One of the most important functions of the Data Link layer is to provide a way for packets to be sent safely over the physical media without interference from other nodes attempting to send packets at the same time. The two most popular ways to do this are CSMA/CD and token passing.

Ethernet networks use CSMA/CD, and Token Ring networks use token passing. For an explanation of how CSMA/CD works, see the upcoming section, “How CSMA/CD works.” Two types of Data Link layer devices are commonly used on networks: bridges and switches.

A bridge is an intelligent repeater that is aware of the MAC addresses of the nodes on either side of the bridge and can forward packets accordingly. A switch is an intelligent hub that examines the MAC address of arriving packets in order to determine which port to forward the packet to.

How CSMA/CD Works

An important function of the Data Link layer is to make sure that two computers don’t try to send packets over the network at the same time. If they do, the signals will collide with each other and the transmission will be garbled.

Ethernet accomplishes this feat by using a technique called CSMA/CD, which stands for “carrier sense multiple access with collision detection.” This phrase is a mouthful, but if you take it apart piece by piece, you’ll get an idea of how it works.

Carrier sense means that whenever a device wants to send a packet over the network media, it first listens to the network media to see whether anyone else is already sending a packet. If it doesn’t hear any other signals on the media, the computer assumes that the network is free, so it sends the packet.

Multiple access means that nothing prevents two or more devices from trying to send a message at the same time. Sure, each device listens before sending. However, suppose that two devices listen, hear nothing, and then proceed to send their packets at the same time?

Picture what happens when you and someone else arrive at a four-way stop sign at the same time. You wave the other driver on, he or she waves you on, you wave, he or she waves, you both wave, and then you both go at the same time.

Collision detection means that after a device sends a packet, it listens carefully to see whether the packet crashes into another packet. This is kind of like listening for the screeching of brakes at the four-way stop. If the device hears the screeching of brakes, it waits a random period of time and then tries to send the packet again.

Because the delay is random, two packets that collide are sent again after different delay periods, so a second collision is unlikely. CSMA/CD works pretty well for smaller networks.

After a network hits about 30 computers, however, packets start to collide like crazy, and the network slows to a crawl. When that happens, the network should be divided into two or more separate sections that are sometimes called collision domains.
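
The behaviour described in this section can be reproduced with a small slotted simulation. This is an added example, not part of the original article: the load, frame length and slot counts are assumed values, and the random delay is modelled as the truncated binary exponential backoff that Ethernet uses.

```python
import random

def simulate(stations, slots=20000, load=0.02, frame_slots=5, seed=1):
    """Return (frames_delivered, collisions) for one shared segment.

    Assumed model: time is slotted, a frame occupies the medium for
    frame_slots slots, and an idle station gets a new frame to send with
    probability `load` in each slot. Frames are never dropped.
    """
    rng = random.Random(seed)       # seeded so every run is repeatable
    pending = [False] * stations    # station has a frame waiting to go
    backoff = [0] * stations        # slots left in its random delay
    attempts = [0] * stations       # collisions suffered by the current frame
    busy_until = 0                  # first slot in which the medium is free
    delivered = collisions = 0
    for t in range(slots):
        ready = []
        for s in range(stations):
            if not pending[s] and rng.random() < load:
                pending[s], attempts[s] = True, 0
            if backoff[s] > 0:
                backoff[s] -= 1                 # still waiting after a collision
            elif pending[s] and t >= busy_until:
                ready.append(s)                 # carrier sense: medium is idle
        if len(ready) == 1:                     # exactly one sender: success
            pending[ready[0]] = False
            delivered += 1
            busy_until = t + frame_slots
        elif len(ready) > 1:                    # multiple access: collision
            collisions += 1
            for s in ready:                     # collision detection + backoff
                attempts[s] += 1
                backoff[s] = rng.randrange(2 ** min(attempts[s], 10))
    return delivered, collisions

def collisions_per_frame(stations, **kwargs):
    """Collisions suffered for each frame that finally got through."""
    delivered, collisions = simulate(stations, **kwargs)
    return collisions / delivered if delivered else float("inf")

if __name__ == "__main__":
    for n in (5, 10, 20, 40):
        print(n, "stations:", round(collisions_per_frame(n), 2), "collisions per frame")
```

Running it shows the collisions-per-frame figure climbing as stations are added to the same collision domain, which is the effect that motivates splitting a large segment.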

3. Network Layer

The Network layer handles the task of routing network messages from one computer to another. The two most popular layer 3 protocols are IP (which is usually paired with TCP) and IPX (normally paired with SPX for use with Novell and Windows networks). Network layer protocols provide two important functions: logical addressing and routing. The following sections describe these functions.

Logical Addressing

As you know, every network device has a physical address called a MAC address, which is assigned to the device at the factory. When you buy a network interface card to install into a computer, the MAC address of that card is fixed and can’t be changed.

But what if you want to use some other addressing scheme to refer to the computers and other devices on your network? This is where the concept of logical addressing comes in; a logical address lets you access a network device by using an address that you assign. Logical addresses are created and used by Network layer protocols such as IP or IPX.

The Network layer protocol translates logical addresses to MAC addresses. For example, if you use IP as the Network layer protocol, devices on the network are assigned IP addresses such as Because the IP protocol must use a Data Link layer protocol to actually send packets to devices, IP must know how to translate the IP address of a device to the device’s MAC address.

Data Link layer addresses (or MAC addresses) are assigned at the factory and can’t be changed. Network layer addresses (or IP addresses) are assigned in the field and can be changed. You can use the ipconfig command to see the IP address of your computer.

The IP address shown in the figure is Another way to display this information is to use the System Information command, found on the Start menu under Start>Programs>Accessories> System Tools>System Information.

The IP address is highlighted in the figure below.

Figure 3: Using the System Information command to display network information.

Notice that the System Information program displays a lot of other useful information about the network besides the IP address. For example, you can also see the MAC address, what protocols are being used, and other information.

Although the exact format of logical addresses varies depending on the protocol being used, most protocols divide the logical address into two parts: a network address and a device address.

The network address identifies which network the device resides on, and the device address then identifies the device on that network. For example, in a typical IP address, such as, the network address is 192.168.1, and the device address (called a host address in IP) is 102.

Similarly, IPX addresses consist of two parts: a network address and a node address. In an IPX address, the node address is the same as the MAC address. As a result, IPX doesn’t have to translate between layer 3 and layer 2 addresses.


Routing

Routing comes into play when a computer on one network needs to send a packet to a computer on another network. In this case, a device called a router is used to forward the packet to the destination network. In some cases, a packet may actually have to travel through several intermediate networks in order to reach its final destination network.

An important feature of routers is that you can use them to connect networks that use different layer 2 protocols. For example, a router can be used to send a packet from an Ethernet to a Token Ring network. As long as both networks support the same layer 3 protocol, it doesn’t matter if their layer 1 and layer 2 protocols are different.

A protocol is considered routable if it uses addresses that include a network part and a host part. Any protocol that uses physical addresses is not routable because physical addresses don’t indicate to which network a device belongs.
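
The split between network part and host part, and the translation from logical address to MAC address, can be seen in a short sketch. This is an added example, not from the original article: the /24 mask, the gateway address and the MAC addresses in the lookup table are constructed values, and the table stands in for the cache that IP fills by using ARP.

```python
import ipaddress

# Constructed sample data: one host on the 192.168.1 network and its router.
HOST = ipaddress.ip_interface("192.168.1.102/24")
GATEWAY = ipaddress.ip_address("192.168.1.1")
ARP_CACHE = {   # logical (IP) address -> physical (MAC) address, constructed
    ipaddress.ip_address("192.168.1.1"): "00-11-22-33-44-01",
    ipaddress.ip_address("192.168.1.50"): "00-11-22-33-44-50",
}

def split_address(iface):
    """Return (network address, host number) for an interface address."""
    host_number = int(iface.ip) & int(iface.hostmask)
    return str(iface.network.network_address), host_number

def next_hop(dst, iface=HOST, gateway=GATEWAY, arp=ARP_CACHE):
    """Decide which MAC address the frame carrying a packet to dst must use.

    Same network part: deliver directly to the destination's MAC.
    Different network part: hand the frame to the router's MAC instead;
    the destination IP address inside the packet stays unchanged.
    """
    dst = ipaddress.ip_address(dst)
    hop = dst if dst in iface.network else gateway
    mac = arp.get(hop)
    if mac is None:
        raise LookupError(f"no MAC known for {hop}; address resolution needed")
    return {"dst_ip": str(dst), "next_hop_ip": str(hop),
            "frame_dst_mac": mac, "routed": hop != dst}

if __name__ == "__main__":
    print(split_address(HOST))
    print(next_hop("192.168.1.50"))   # local delivery
    print(next_hop("10.0.0.7"))       # goes through the router
```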

4. Transport Layer

The Transport layer is the layer where you’ll find two of the most well-known networking protocols: TCP (normally paired with IP) and SPX (normally paired with IPX). As its name implies, the Transport layer is concerned with the transportation of information from one computer to another.

The main purpose of the Transport layer is to ensure that packets are transported reliably and without errors. The Transport layer does this task by establishing connections between network devices, acknowledging the receipt of packets, and resending packets that are not received or are corrupted when they arrive.

In many cases, the Transport layer protocol divides large messages into smaller packets that can be sent over the network efficiently. The Transport layer protocol reassembles the message on the receiving end, making sure that all of the packets that comprise a single transmission are received so that no data is lost.

For some applications, speed and efficiency are more important than reliability. In such cases, a connectionless protocol can be used. A connectionless protocol doesn’t go to the trouble of establishing a connection before sending a packet. Instead, it simply sends the packet. TCP is a connection-oriented Transport layer protocol.

The connectionless protocol that works alongside TCP is called UDP. In Windows XP, you can view information about the status of TCP and UDP connections by running the NETSTAT command from a command window, as the figure below shows.

Figure 4: Displaying the status of TCP and UDP connections with the NETSTAT command.

In the figure, you can see that three TCP connections are established. In fact, you can use the command NETSTAT /N to see the numeric network addresses instead of the names. With the /N switch, the output in Figure 4 would look like this:

Active Connections


TCP is a connection-oriented Transport layer protocol. UDP is a connectionless Transport layer protocol.

5. Session Layer

The Session layer establishes conversations known as sessions between networked devices. A session is an exchange of connection-oriented transmissions between two network devices. Each of these transmissions is handled by the Transport layer protocol. The session itself is managed by the Session layer protocol.

A single session can include many exchanges of data between the two computers involved in the session. After a session between two computers has been established, it is maintained until the computers agree to terminate the session.

The Session layer allows three types of transmission modes:

  • Simplex: In this mode, data flows in only one direction.
  • Half-duplex: In this mode, data flows in both directions, but only in one direction at a time.
  • Full-duplex: In this mode, data flows in both directions at the same time.

In actual practice, the distinctions between the Session, Presentation, and Application layers are often blurred, and some commonly used protocols actually span all three layers. For example, SMB — the Server Message Block protocol that is the basis of file sharing in Windows networks — functions at all three layers.

6. Presentation Layer

The Presentation layer is responsible for how data is represented to applications. Most computers — including Windows, UNIX, and Macintosh computers — use the American Standard Code for Information Interchange (ASCII) to represent data.

However, some computers (such as IBM mainframe computers) use a different code, known as Extended Binary Coded Decimal Interchange Code (EBCDIC). ASCII and EBCDIC are not compatible with each other. To exchange information between a mainframe computer and a Windows computer, the Presentation layer must convert the data from ASCII to EBCDIC and vice versa.

Besides simply converting data from one code to another, the Presentation layer can also apply sophisticated compression techniques so that fewer bytes of data are required to represent the information when it’s sent over the network.

At the other end of the transmission, the Presentation layer then decompresses the data. The Presentation layer can also scramble the data before it is transmitted and unscramble it at the other end by using a sophisticated encryption technique that even Sherlock Holmes would have trouble breaking.

7. Application Layer

The highest layer of the OSI model, the Application layer, deals with the techniques that application programs use to communicate with the network. The name of this layer is a little confusing. Application programs such as Microsoft Office or QuickBooks aren’t a part of the Application layer.

Rather, the Application layer represents the programming interfaces that application programs such as Microsoft Office or QuickBooks use to request network services. Some of the better-known Application layer protocols are

  • DNS (Domain Name System) for resolving Internet domain names.
  • FTP (File Transfer Protocol) for file transfers.
  • SMTP (Simple Mail Transfer Protocol) for e-mail.
  • SMB (Server Message Block) for file sharing in Windows networks.
  • NFS (Network File System) for file sharing in UNIX networks.
  • Telnet for terminal emulation.

The figure below shows how a packet of information flows through the seven layers as it travels from one computer to another on the network.

Figure 5: How data travels through the seven layers.

The data begins its journey when an end-user application sends data to another network computer. The data enters the network through an Application layer interface, such as SMB. The data then works its way down through the protocol stack.

Along the way, the protocol at each layer manipulates the data by adding header information, converting the data into different formats, combining packets to form larger packets, and so on. When the data reaches the Physical layer protocol, it is actually placed on the network media (in other words, the cable) and sent to the receiving computer.

When the receiving computer receives the data, the data works its way up through the protocol stack. Then, the protocol at each layer reverses the processing that was done by the corresponding layer on the sending computer.

Headers are removed, data is converted back to its original format, packets that were split into smaller packets are recombined into larger messages, and so on. When the packet reaches the Application layer protocol, it is delivered to an application that can process the data.
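
The header adding and header stripping described above can be followed byte by byte for layers 4, 3 and 2. This is an added example, not part of the original article: it assumes UDP over IPv4 over Ethernet II, and the ports, IP addresses and destination MAC are constructed sample values.

```python
import ipaddress
import struct

def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an even-length byte string."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace("-", ""))

def mac_to_str(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)

def encapsulate(payload, sport, dport, src_ip, dst_ip, src_mac, dst_mac):
    """Walk down the stack: each layer prepends its own header."""
    # Layer 4 (UDP): ports, length, checksum 0 (optional over IPv4)
    segment = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Layer 3 (IPv4): 20-byte header, TTL 64, protocol 17 = UDP
    def header(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                           64, 17, csum,
                           ipaddress.IPv4Address(src_ip).packed,
                           ipaddress.IPv4Address(dst_ip).packed)
    packet = header(checksum16(header(0))) + segment
    # Layer 2 (Ethernet II): destination MAC, source MAC, EtherType 0x0800
    return (mac_to_bytes(dst_mac) + mac_to_bytes(src_mac)
            + struct.pack("!H", 0x0800) + packet)

def decapsulate(frame: bytes) -> dict:
    """Walk up the stack: validate and strip one header per layer."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("bad IPv4 header")
    if checksum16(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    if proto != 17 or not ihl + 8 <= total_len <= len(packet):
        raise ValueError("not a well-formed UDP/IPv4 packet")
    sport, dport, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if udp_len != total_len - ihl:
        raise ValueError("UDP length disagrees with IP length")
    return {"src_mac": mac_to_str(src_mac), "dst_mac": mac_to_str(dst_mac),
            "src_ip": str(ipaddress.IPv4Address(packet[12:16])),
            "dst_ip": str(ipaddress.IPv4Address(packet[16:20])),
            "sport": sport, "dport": dport,
            "payload": packet[ihl + 8:total_len]}
```

The receiver checks every length and checksum before trusting a header field, so a frame altered in transit is rejected instead of being passed up to the next layer.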