OSI Model
It’s a 7-Layered representation of how a network should work.
Physical Layer (L1)
- Makes sure 0s & 1s get between different hosts.
- Deals with specifications like how thick a copper wire we use for cabling.
- If wireless, what frequency of radio waves are going to be used.
- Strips the preamble at the start of the frame, which contains a run of alternating 1s & 0s that denotes the incoming frame.
- Strips the frame check sequence at the end - this ensures that the data that was sent is the same as the data that was received.
- Now you have the Frame.
Data Link Layer (L2)
- Allows individual systems to be addressed in such a way that ethernet frames get to the right spot.
- Inspects incoming frames to see if they are addressed for me based on my MAC address.
- MAC addresses are (OEM - Original Equipment Manufacturer) numbers, unique 48-bit (8×6) values, for example 38-00-25-94-F5-93. Each section is 8 bits, meaning each digit/character is 4 bits, so it is also a (4×12) composition. The value is burned into every network card, wired or wireless. They have two halves:
  - The first 24 (8×3) bits form the Organizationally Unique Identifier (OUI).
  - The last 24 (8×3) bits form a serial number (formally called an extension identifier).
- Checks the “Destination MAC Address” field and validates whether the frame is for this host.
- It strips off the Source & Destination MAC Address fields, but will not discard them, because if there is a return packet, it needs to be sent to the source MAC Address.
- Now you have the IP Packet.
Network Layer (L3)
- MACs are good enough if the transfer is within the LAN. But what about the internet, where the computers are distributed over large areas? There, MAC addressing becomes insufficient.
- So we use logical IP addresses. This layer looks up the “Destination & Source Address”, strips them away and keeps them, same as L2.
- Send to L4
Transport Layer (L4)
- Assemble and disassemble different pieces of data as they come in.
- Each individual ethernet frame could only hold 1500 bytes of data, maximum.
- So at this layer, data larger than that is broken into chunks before it is sent, and assembled back together at the receiver end.
- Sequences all the pieces and sends them to L5.
Session Layer (L5)
- Part of the host that establishes connection say, to a remote host, a web server, email client, etc… You can be a browser or any similar kinda software.
- Once the connection is made, then the data can be moved between them.
- Looks for, strips off and keeps aside the “Source & Destination ports”. Just as the IP address identifies which system the packet is for, the port identifies which application on the host the data is addressed to.
- Imagine having 5 Chrome tabs open, each listening on its own port and receiving its data. Here Chrome is the application that probably resides in L7, but is the application capable of reading this data directly?
Presentation Layer (L6)
- Gets the data into a format that the destination application can read and respond to.
- So if I’ve got a webpage coming in from a web server, my web browser may not know how to read it?
- Well, there was a time where that could be true. The thing is today, all of our applications are so good they can read just about anything.
- So it used to be that I would have to convert this data. Let’s say Microsoft Word was going on the network to get a Word document, but I had a WordPerfect document or one from some other competitor; I would have to go through the conversion so that it could read it.
- But today, everybody reads everybody. If you were to ask me, if there was one of the seven layers we could get rid of, it’s the presentation layer. He’s just not that important anymore.
Application Layer (L7)
- When we think of the application layer, it’s not the actual application that we need to care about, but the “smarts” in it.
- These can actually read and deal with the data, because that’s the whole reason for doing the networking, right?
- Think of “smarts” as APIs: MS Word can access a network file if you use Open>File. In the background, it uses specific network APIs to achieve this.
Sending Frame
- When the NIC constructs the frame to be sent, it adds the “Source & Destination” MAC addresses along with a CRC (Cyclic Redundancy Check) field for error detection.
- Traditionally, with a hub, the constructed data is simply repeated to all the connections (NICs) it has, and each NIC decides by checking the MAC address: if the frame is for it, it accepts; otherwise it rejects.
Broadcast vs Unicast
- A unicast transmission is addressed to a single device on a network.
- A broadcast transmission is sent to every device on a broadcast domain (Group of computers that can hear each other’s broadcast).
- A broadcast address looks like all Fs: FF-FF-FF-FF-FF-FF. When a NIC sees this kind of address, it just passes the frame over to the next layer to process it.
- An analogy: “Hey, if anyone here has this name, kindly respond.” In the same way, this broadcast packet will be answered with the MAC addresses of each NIC.
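The MAC checks described above (OUI and extension halves, broadcast vs unicast, and each NIC filtering what a hub repeats), as an added example that is not part of the original notes. The host names and all addresses except 38-00-25-94-F5-93 are constructed for illustration.

```python
import re

BROADCAST = bytes([0xFF] * 6)

def parse_mac(text):
    """Accept 38-00-25-94-F5-93, 38:00:25:94:f5:93 or 3800.2594.f593."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def describe(text):
    mac = parse_mac(text)
    return {
        "oui": mac[:3].hex("-").upper(),        # first 24 bits: manufacturer
        "extension": mac[3:].hex("-").upper(),  # last 24 bits: serial number
        "broadcast": mac == BROADCAST,
        # Lowest bit of the first octet set means a group
        # (multicast or broadcast) address, so clear means unicast.
        "unicast": not (mac[0] & 0x01),
    }

def nic_accepts(own_mac, frame_dst):
    """L2 check from the notes: keep frames for my MAC or for everyone."""
    dst = parse_mac(frame_dst)
    return dst == parse_mac(own_mac) or dst == BROADCAST

def hub_repeat(frame_dst, nics):
    """A hub repeats the frame to every port; each NIC filters for itself."""
    return [name for name, mac in nics.items() if nic_accepts(mac, frame_dst)]

# Constructed sample LAN; only the first address appears in the notes.
NICS = {
    "host-a": "38-00-25-94-F5-93",
    "host-b": "38:00:25:11:22:33",
    "host-c": "02-00-00-00-00-0c",
}

if __name__ == "__main__":
    print(describe("38-00-25-94-F5-93"))
    print(hub_repeat("38:00:25:94:f5:93", NICS))   # unicast: one receiver
    print(hub_repeat("FF-FF-FF-FF-FF-FF", NICS))   # broadcast: everyone
```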
IP Addressing
- The Destination & Source IP is encapsulated along with the MAC to make the packet traverse across networks. The flow would look something similar to this.
- The lookup is done on the current router and if the destination is not a part of that network, the packet is sent to the default gateway.
- This is the connection to your router itself, so your computer sets the destination MAC address to the router’s and sends the frame to the router, which looks it up against the other networks connected to it.
- The router decapsulates the packet, strips the Source and Destination MAC, performs a lookup using the routing table and sends it to the next router.
- Remember that packets cannot travel by themselves, they are always encapsulated within frames.
- Also it’s worth noting that the frame information keeps changing as the packet hops between routers and networks, but the IP information remains the same.
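The hop described above, as an added example that is not part of the original notes: a frame is built, a router strips the MAC header and re-frames the same IP packet for the next hop. All IP addresses and every MAC except 38-00-25-94-F5-93 are constructed; the TTL decrement and header checksum update are standard IPv4 forwarding steps that the notes do not mention.

```python
import socket
import struct

ETH = struct.Struct("!6s6sH")   # destination MAC, source MAC, EtherType

def mac(text):
    return bytes.fromhex(text.replace("-", ""))

def checksum(header):
    """Internet checksum (RFC 1071) over the 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_packet(src, dst, payload, ttl=64):
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                                0, 0, ttl, 6, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + payload

def frame(dst_mac, src_mac, packet):
    return ETH.pack(mac(dst_mac), mac(src_mac), 0x0800) + packet

def parse(frm):
    dst, src, _ = ETH.unpack_from(frm)
    ip = frm[ETH.size:]
    return {"eth_dst": dst.hex("-"), "eth_src": src.hex("-"),
            "ip_src": socket.inet_ntoa(ip[12:16]),
            "ip_dst": socket.inet_ntoa(ip[16:20]),
            "ttl": ip[8], "checksum_ok": checksum(ip[:20]) == 0}

def router_forward(frm, out_mac, next_hop_mac):
    """Decapsulate, decrement TTL, fix the checksum, re-frame for the next hop."""
    ip = bytearray(frm[ETH.size:])
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", checksum(bytes(ip[:20])))
    return frame(next_hop_mac, out_mac, bytes(ip))

# Constructed addresses: only the host MAC 38-00-25-94-F5-93 is from the notes.
HOST, GATEWAY = "38-00-25-94-F5-93", "02-00-00-00-00-01"
ROUTER_OUT, NEXT_HOP = "02-00-00-00-00-02", "02-00-00-00-00-03"
on_lan = frame(GATEWAY, HOST, ip_packet("192.168.1.10", "203.0.113.7", b"hello"))
after_hop = router_forward(on_lan, ROUTER_OUT, NEXT_HOP)

if __name__ == "__main__":
    print(parse(on_lan))      # MACs: host -> gateway
    print(parse(after_hop))   # MACs rewritten, IP addresses unchanged
```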
Packets and Ports
- Now there are 2 major problems. First, as the size of data we can receive is only 1500 Bytes, we might receive it in pieces.
- At the same time I may have many applications, or even one Chrome browser with multiple tabs; how will the data be delivered to exactly that app?
- TCP solves the first problem with sequence numbers and acknowledgements.
- The second problem is dealt with by ports, which make sure that the data gets delivered to the right application.
- Well-known ports (0–1023): Common ports.
  - These ports are related to the common protocols that are at the core of the TCP/IP model, DNS, SMTP, etc.
  - Can never be used as return port number.
- Registered ports (1024–49151): Vendor specific ports.
  - These ports are often associated with proprietary applications from vendors and developers.
  - While they are officially approved by the Internet Assigned Numbers Authority (IANA), in practice many vendors simply implement a port of their choosing.
  - Examples include Remote Authentication Dial-In User Service (RADIUS) authentication (1812), Microsoft SQL Server (1433/1434) and the Docker REST API (2375/2376).
- Dynamic or private ports (49152–65535): Service specific random ports.
  - Whenever a service is requested that is associated with well-known or registered ports, those services will respond with a dynamic port that is used for that session and then released.
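A simplified model of the two mechanisms above (sequence numbers with acknowledgements, and delivery by port), added here as an illustration and not taken from the original notes. The port numbers and payloads are constructed, and the receiver keys only on the destination port, whereas real TCP identifies a connection by source and destination address and port together.

```python
import random

MAX_DATA = 1500   # per-frame data limit quoted in the notes

def segment(data, dst_port, size=MAX_DATA):
    """Cut data into chunks tagged with a destination port and a sequence
    number (byte offset of the chunk within the stream)."""
    return [{"port": dst_port, "seq": off, "data": data[off:off + size]}
            for off in range(0, len(data), size)]

class Receiver:
    """One reassembly buffer per destination port (simplified model)."""

    def __init__(self):
        self.buffers = {}                      # port -> {seq: chunk}

    def receive(self, seg):
        """Store the chunk (a duplicate just overwrites) and return the ACK."""
        self.buffers.setdefault(seg["port"], {})[seg["seq"]] = seg["data"]
        return self.ack(seg["port"])

    def ack(self, port):
        """Cumulative acknowledgement: first byte offset still missing."""
        chunks, nxt = self.buffers.get(port, {}), 0
        while nxt in chunks:
            nxt += len(chunks[nxt])
        return nxt

    def stream(self, port):
        """Bytes that can be handed to the application, in order."""
        chunks, out = self.buffers.get(port, {}), bytearray()
        while len(out) in chunks:
            out += chunks[len(out)]
        return bytes(out)

def demo():
    page = bytes(range(256)) * 16              # constructed 4096-byte payload
    mail = b"constructed message for another application"
    segs = segment(page, 50001) + segment(mail, 50002)
    random.Random(7).shuffle(segs)             # segments arrive out of order
    lost = next(s for s in segs if s["port"] == 50001 and s["seq"] == 1500)
    rx = Receiver()
    for s in segs:
        if s is not lost:                      # one chunk is dropped in transit
            rx.receive(s)
    stalled = rx.ack(50001)                    # ACK stops at the gap
    final = rx.receive(lost)                   # the sender retransmits it
    return stalled, final, rx.stream(50001) == page, rx.stream(50002) == mail

if __name__ == "__main__":
    print(demo())
```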