The OSI (Open Systems Interconnection) model is a general framework that allows network protocols, software and systems to be designed around a general set of rules. These guidelines allow systems to be compatible and traffic to flow logically. OSI consists of 7 layers, and knowing the operational sequence of each one is extremely important. Let's look at the OSI layers in more detail.
1. Physical Layer
Consists of the physical media that make up the infrastructure of our network. It includes things like wireless transmission, cabling, cabling standards and types, connectors and types, network interface cards, and more. From a security standpoint, it is mostly protected by physically securing access to network media and devices.
2. Data Link Layer
The Data Link layer is responsible for ensuring that data is transferred free of errors. Data is transferred in frames in this layer. 802.3 for Ethernet and 802.11 for Wi-Fi are the protocols that reside at this layer.
3. Network Layer
Data travels in packets in this layer, and it is responsible for determining packet paths. It includes routing protocols like RIP and IGRP. This is where IP addressing and routing happen.
4. Transport Layer
This layer is where the TCP and UDP parts of the TCP/IP suite reside. It ensures that transport of data is successful. It includes sequencing and error checking.
5. Session Layer
It identifies established sessions between different network entities. It monitors and controls remote sessions, allowing multiple separate connections. NetBIOS and RPC reside in this layer.
6. Presentation Layer
Translates data into a form that is understandable by the next receiving layer. It deals with the presentation of data. Any special processing of data that is required will be done at this layer.
7. Application Layer
Applications and software we use on a daily basis reside in this layer. Common examples would be protocols like HTTP and FTP. Everything is application specific at this layer.
Each layer of the TCP/IP suite maps to one or more layers of the OSI model. The image below shows how the TCP/IP suite maps to the OSI model.
| OSI layer | TCP/IP layer |
|---|---|
| Data Link | Network Interface |
TCP is a connection-oriented protocol because it verifies that the packets sent reach their destination. The process of verification starts with a SYN packet.
1. The SYN packet starts the handshake process by telling the receiving system that it wants to connect.
2. The receiving system replies with a SYN-ACK response. This is the acknowledgment of the original SYN packet.
3. Once the sender receives the SYN-ACK, it responds with an ACK.
TCP packet sequence numbers are important to understand for attacks such as session hijacking and man-in-the-middle attacks.
The beginning sequence number is always random.
1. When the remote host receives the SYN packet, it responds with a SYN-ACK that has its own sequence number.
2. The ACK response from the first host will add 1 to the original SYN
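
The sequence-number arithmetic of the handshake can be checked mechanically. The following is an added example, not part of the original article: it packs three minimal TCP headers, parses them back, and verifies the SYN / SYN-ACK / ACK relationships. It goes slightly beyond the text by also checking the acknowledgment numbers and the 32-bit wraparound; the function names, ports and sequence values are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset = 5 32-bit words
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def parse_header(raw):
    """Return the fields the handshake check needs from a raw TCP header."""
    sport, dport, seq, ack, offset_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": offset_flags & 0x3F}

def check_handshake(syn_raw, synack_raw, ack_raw):
    """Return a list of problems found in a SYN / SYN-ACK / ACK triple."""
    syn, synack, ack = (parse_header(r) for r in (syn_raw, synack_raw, ack_raw))
    problems = []
    if syn["flags"] & (SYN | ACK) != SYN:
        problems.append("first segment is not a pure SYN")
    if synack["flags"] & (SYN | ACK) != (SYN | ACK):
        problems.append("second segment is not a SYN-ACK")
    if ack["flags"] & (SYN | ACK) != ACK:
        problems.append("third segment is not a pure ACK")
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("SYN-ACK does not acknowledge client ISN + 1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        problems.append("ACK sequence number is not client ISN + 1")
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        problems.append("ACK does not acknowledge server ISN + 1")
    return problems

# Constructed sample values (not from a real capture); the client ISN sits at the wrap point.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 0x1A2B3C4D
GOOD = [
    build_header(50000, 80, CLIENT_ISN, 0, SYN),
    build_header(80, 50000, SERVER_ISN, 0, SYN | ACK),  # ack = (ISN + 1) mod 2^32 = 0
    build_header(50000, 80, 0, SERVER_ISN + 1, ACK),
]
# Same exchange, but the final ACK acknowledges the wrong server sequence number.
BAD = GOOD[:2] + [build_header(50000, 80, 0, SERVER_ISN + 7, ACK)]

if __name__ == "__main__":
    print(check_handshake(*GOOD))
    print(check_handshake(*BAD))
```

A segment that fails these checks does not belong to the handshake it claims to complete, which is why a receiver validates the numbers before treating the connection as established.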