OSI and TCP/IP Model

1. What is the role of each layer in the OSI network model and the TCP/IP
network model?
The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to
communicate over a network. It was the first standard model for network communications, adopted
by all major computer and telecommunication companies in the early 1980s

The modern Internet is not based on OSI, but on the simpler TCP/IP model. However, the OSI 7-layer
model is still widely used, as it helps visualize and communicate how networks operate, and helps
isolate and troubleshoot networking problems.

OSI was introduced in 1983 by representatives of the major computer and telecom companies, and
was adopted by ISO as an international standard in 1984.

We’ll describe OSI layers “top down” from the application layer that directly serves the end user, down
to the physical layer.

7. Application Layer

The application layer is used by end-user software such as web browsers and email clients. It provides
protocols that allow software to send and receive information and present meaningful data to users.
A few examples of application layer protocols are the Hypertext Transfer Protocol (HTTP), File
Transfer Protocol (FTP), Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), and
Domain Name System (DNS).

6. Presentation Layer

The presentation layer prepares data for the application layer. It defines how two devices should
encode, encrypt, and compress data so it is received correctly on the other end. The presentation
layer takes any data transmitted by the application layer and prepares it for transmission over the
session layer.

5. Session Layer

The session layer creates communication channels, called sessions, between devices. It is responsible for
opening sessions, ensuring they remain open and functional while data is being transferred, and
closing them when communication ends. The session layer can also set checkpoints during a data
transfer—if the session is interrupted, devices can resume data transfer from the last checkpoint.

4. Transport Layer

The transport layer takes data transferred in the session layer and breaks it into “segments” on the
transmitting end. It is responsible for reassembling the segments on the receiving end, turning it back
into data that can be used by the session layer. The transport layer carries out flow control, sending
data at a rate that matches the connection speed of the receiving device, and error control, checking
if data was received incorrectly and if not, requesting it again.
3. Network Layer

The network layer has two main functions. One is breaking up segments into network packets, and
reassembling the packets on the receiving end. The other is routing packets by discovering the best
path across a physical network. The network layer uses network addresses (typically Internet
Protocol addresses) to route packets to a destination node.

2. Data Link Layer

The data link layer establishes and terminates a connection between two physically-connected nodes on
a network. It breaks up packets into frames and sends them from source to destination. This layer is
composed of two parts—Logical Link Control (LLC), which identifies network protocols, performs
error checking and synchronizes frames, and Media Access Control (MAC) which uses MAC addresses
to connect devices and define permissions to transmit and receive data.

1. Physical Layer

The physical layer is responsible for the physical cable or wireless connection between network nodes. It
defines the connector, the electrical cable or wireless technology connecting the devices, and is
responsible for transmission of the raw data, which is simply a series of 0s and 1s, while taking care
of bit rate control.

2. Give the specific purposes of the DNS, HTTP SMB and SMTP/POP application
layer protocols
DNS – Domain Name System
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online
through domain names, like nytimes.com or espn.com. Web browsers interact through Internet
Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet
resources.

Each device connected to the Internet has a unique IP address which other machines use to find the
device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in
IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in
IPv6).

How does DNS work?

The process of DNS resolution involves converting a hostname (such as www.example.com) into a
computer-friendly IP address (such as 192.168.1.1). An IP address is given to each device on the
Internet, and that address is necessary to find the appropriate Internet device - like a street address
is used to find a particular home. When a user wants to load a webpage, a translation must occur
between what a user types into their web browser (example.com) and the machine-friendly address
necessary to locate the example.com webpage.
In order to understand the process behind the DNS resolution, it’s important to learn about the
different hardware components a DNS query must pass between. For the web browser, the DNS
lookup occurs "behind the scenes" and requires no interaction from the user’s computer apart from
the initial request.

HTTP – Hypertext Transfer Protocol

HTTP is abbreviated as Hypertext Transfer Protocol, an application layer protocol used primarily with
the WWW (World Wide Web) in the client-server model where a web browser is a client
communicating with the webserver which is hosting the website. Since 1990, this has become the
foundation for data communication. HTTP is a standard and stateless protocol that is used for
different purposes as well using extensions for request methods, error codes, as well as headers.

HTTP is a communication protocol which is employed for delivering data (usually HTML files,
multimedia files, etc.) on the World Wide Web through its default TCP port 80. However, there are
other ports also which can be implemented for this function. HTTP has two different versions,
HTTP/1.0, which is the old one and the newest HTTP/1.1. In its older version, a separate connection
was required. In the case of a new version, the same connection can be recycled several times.

A necessary HTTP request has the following steps:

1. Initially, a link to the HTTP server gets opened.

2. Then a request is sent.
3. It does some processing on the server.
4. Once the request processing is done, the response is sent back from the server.
5. Finally, the connection is closed.

Here is the basic block diagram of web application architecture which makes use of HTTP in it.

The HTTP is meant for request/response depending on a client-server architecture where the user
requests information through a web browser to the web server, which then responds to the
requested data.
Web Client: The client of this client-server architecture asks for a request to a specific server through
the HTTP (TCP/IP connection) as a request method in the form of a URL. It also contains a MIME-like
message that contains request modifier and client information.

Web Server: This accepts the request and process with a response by a status line, together with the
version of the message's protocol as well as the success or error code, followed by a MIME-like
message having server information, some metadata, and possible the entity-body content holding
the requested information.

Features of HTTP:

 HTTP is connectionless: An HTTP request is initiated by the browser (HTTP client) as per the
user's request for information. The server will process the request and launch back with a
response which the client waits for.
 HTTP is simple: HTTP/2 does the encapsulation of HTTP messages into frames; i.e., HTTP is
typically designed to be plain and human-readable.
 HTTP is extensible/customized: HTTP can be integrated with new functionality by providing a
simple agreement between a client and a server.
 HTTP is stateless, but not sessionless: HTTP is stateless, which means there is no connection
among two requests being consecutively carried out on the same connection. However,
when the core of HTTP is itself a stateless one, HTTP cookies provide in making use of stateful
sessions. Through the concept of header extensibility, HTTP cookies can be incorporated into
the workflow, making session creation on each HTTP request for sharing the same content.

SMB – Server Message Block

SMB (Server Message Block) is a client/server protocol that governs access to files and whole
directories, as well as other network resources like printers, routers or interfaces open to the
network. Information exchange between the different processes of a system (also known as inter-
process communication) can be handled based on the SMB protocol.

Developed by the IT group IBM in 1983, various versions and implementations of the protocol have
been released over the past decades. SMB first became available for the public as part of the OS/2
network operating system LAN Manager and its successor LAN Server. The main application of the
protocol has since been the Windows operating system series because its network services are
backwards-compatible with SMB. This allows devices with newer editions to easily communicate with
devices that have an older Microsoft operating system installed. What’s more, the free software
project Samba offers a solution that enables the use of Server Message Block in Linux and Unix
distributions, thereby allowing cross-platform communication via SMB.

How does SMB work?

The Server Message Block protocol enables the client to communicate with other participants in the
same network, allowing it to access files or services open to it in the network. For this to work, the
other system also needs to have implemented the network protocol and receive and process the
respective client request using an SMB server application. But both parties must first establish a
connection, which is why they first exchange corresponding messages. In IP networks, SMB uses the
Transmission Control Protocol (TCP) that provides for a three-way handshake between the client and
server, before finally establishing a connection. Subsequent data transport is regulated by the
provisions of the TCP protocol.

SMTP – Simple Mail Transfer Protocol

o SMTP stands for Simple Mail Transfer Protocol.
o SMTP is a set of communication guidelines that allow software to transmit an electronic mail
over the internet is called Simple Mail Transfer Protocol.
o It is a program used for sending messages to other computer users based on e-mail addresses.
o It provides a mail exchange between users on the same or different computers, and it also
supports:
o It can send a single message to one or more recipients.
o Sending message can include text, voice, video or graphics.
o It can also send the messages on networks outside the internet.
o The main purpose of SMTP is used to set up communication rules between servers. The servers
have a way of identifying themselves and announcing what kind of communication they are
trying to perform. They also have a way of handling the errors such as incorrect email address.
For example, if the recipient address is wrong, then receiving server reply with an error message
of some kind.

Working of SMTP

1. Composition of Mail: A user sends an e-mail by composing an electronic mail message using a
Mail User Agent (MUA). Mail User Agent is a program which is used to send and receive mail.
The message contains two parts: body and header. The body is the main part of the message
while the header includes information such as the sender and recipient address. The header also
includes descriptive information such as the subject of the message. In this case, the message
body is like a letter and header is like an envelope that contains the recipient's address.
2. Submission of Mail: After composing an email, the mail client then submits the completed e-
mail to the SMTP server by using SMTP on TCP port 25.
3. Delivery of Mail: E-mail addresses contain two parts: username of the recipient and domain
name. For example, [email protected], where "vivek" is the username of the recipient and
"gmail.com" is the domain name. If the domain name of the recipient's email address is
different from the sender's domain name, then MSA will send the mail to the Mail Transfer
Agent (MTA). To relay the email, the MTA will find the target domain. It checks the MX record
from Domain Name System to obtain the target domain. The MX record contains the domain
 name and IP address of the recipient's domain. Once the record is located, MTA connects to the
exchange server to relay the message.
4. Receipt and Processing of Mail: Once the incoming message is received, the exchange server
delivers it to the incoming server (Mail Delivery Agent) which stores the e-mail where it waits for
the user to retrieve it.
5. Access and Retrieval of Mail: The stored email in MDA can be retrieved by using MUA (Mail
User Agent). MUA can be accessed by using login and password.

POP – Post Office Protocol

POP3 is abbreviated as Post Office Protocol, and the number three stands for "version 3," which is
the latest version and the most widely used email protocol on the internet. Similar to IMAP protocol,
it is another protocol for receiving emails from remote servers. It also acts as a message accessing
agent to retrieve the message from the mail server to the receiver's system. It helps to protect emails
from spam and viruses on the internet.

POP3 works on two modes: Delete mode and Keep mode.

It works on Delete mode when a user is accessing an email service from a permanent device. In this,
once the mails are downloaded or retrieved from the mailbox, mails are deleted from the mailbox
permanently.

It operates on Keep mode when the user is not accessing mails from the primary device. In this, it
keeps the mails after retrieval also for later retrieval.

When to Use POP3?

Use POP3 for the following cases:
o We should use POP3 if we want to access mails using a single device
o If the number of emails is high.
o If we want to access the mails offline.

Features of POP3
o In POP3, all the emails are downloaded to the local computer, and once all the emails are
downloaded, they are deleted from the server.
o Downloaded emails can be accessed offline also.
o Emails are not synchronized between different devices, which means if we set up our email
using our mobile phone with POP3, those emails will be downloaded completely on your mobile
phone, and can’t be accessed from other devices.
3. When is it appropriate to use TCP or UDP and what are some examples of
applications that use each protocol?

What is the TCP?

The TCP stands for Transmission Control Protocol. If we want the communication between two
computers and communication should be good and reliable. For example, we want to view a web
page, then we expect that nothing should be missing on the page, or we want to download a file,
then we require a complete file, i.e., nothing should be missing either it could be a text or an
image. This can only be possible due to the TCP. It is one of the most widely used protocols over
the TCP/IP network.

Features of TCP
The following are the features of the TCP:
o Data delivery
TCP protocol ensures that the data is received correctly, no data is missing and in order. If TCP
protocol is not used, then the incorrect data can be received or out of order. For example, if we
try to view the web page or download a file without using TCP, then some data or images could
be missing.
o Protocol
TCP is a connection-oriented protocol. Through the word connection-oriented, we understand
that the computers first establish a connection and then do the communication. This is done by
using a three-way handshake. In a three-way handshake, the first sender sends the SYN message
to the receiver then the receiver sends back the SYN ACK message to confirm that the message
has been received. After receiving the SYN ACK message, the sender sends the acknowledgment
message to the receiver. In this way, the connection is established between the computers.
Once the connection is established, the data will be delivered. This protocol guarantees the data
delivery means that if the data is not received then the TCP will resend the data.

What is UDP?
The UDP stands for User Datagram Protocol. Its working is similar to the TCP as it is also used for
sending and receiving the message. The main difference is that UDP is a connectionless protocol.
Here, connectionless means that no connection establishes prior to communication. It also does
 not guarantee the delivery of data packets. It does not even care whether the data has been
received on the receiver's end or not, so it is also known as the "fire-and-forget" protocol. It is also
known as the "fire-and-forget" protocol as it sends the data and does not care whether the data is
received or not. UDP is faster than TCP as it does not provide the assurance for the delivery of the
packets.

Differences between the TCP and UDP

o Type of protocol
Both the protocols, i.e., TCP and UDP, are the transport layer protocol. TCP is a connection-
oriented protocol, whereas UDP is a connectionless protocol. It means that TCP requires
connection prior to the communication, but the UDP does not require any connection.
o Reliability
TCP is a reliable protocol as it provides assurance for the delivery of the data. It follows the
acknowledgment mechanism. In this mechanism, the sender receives the acknowledgment from
the receiver and checks whether the acknowledgment is positive or negative. If the ACK is
positive means, the data has been received successfully. If ACK is negative, then TCP will resend
the data. It also follows the flow and error control mechanism. UDP is an unreliable protocol as
it does not ensure the delivery of the data.
o Flow Control
TCP follows the flow control mechanism that ensures a large number of packets are not sent to
the receiver at the same time, while UDP does not follow the flow control mechanism.
o Ordering
TCP uses ordering and sequencing techniques to ensure that the data packets are received in
the same order in which they are sent. On the other hand, UDP does not follow any ordering
and sequencing technique, i.e., data can be sent in any sequence.
o Speed
Since TCP establishes a connection between a sender and receiver, performs error checking, and
also guarantees the delivery of data packets while UDP neither creates a connection nor it
guarantees the delivery of data packets, so UDP is faster than TCP.
o Flow of data
In TCP, data can flow in both directions means that it provides the full-duplex service. On the
other hand, UDP is mainly suitable for the unidirectional flow of data.
4. What are the reserved and special IPv4 addresses, and how they are used?
IPv4 - Reserved Addresses
There are a few reserved IPv4 address spaces which cannot be used on the internet. These
addresses serve special purpose and cannot be routed outside the Local Area Network.

Private IP Addresses
Every class of IP, (A, B & C) has some addresses reserved as Private IP addresses. These IPs can be
used within a network, campus, company and are private to it. These addresses cannot be routed
on the Internet, so packets containing these private addresses are dropped by the Routers.
In order to communicate with the outside world, these IP addresses must have to be translated to
some public IP addresses using NAT process, or Web Proxy server can be used.
The sole purpose to create a separate range of private addresses is to control assignment of
already-limited IPv4 address pool. By using a private address range within LAN, the requirement
of IPv4 addresses has globally decreased significantly. It has also helped delaying the IPv4 address
exhaustion.
IP class, while using private address range, can be chosen as per the size and requirement of the
organization. Larger organizations may choose class A private IP address range where smaller
organizations may opt for class C. These IP addresses can be further sub-netted and assigned to
departments within an organization.

Loopback IP Addresses
The IP address range 127.0.0.0 – 127.255.255.255 is reserved for loopback, i.e. a Host’s self-
address, also known as localhost address. This loopback IP address is managed entirely by and
within the operating system. Loopback addresses, enable the Server and Client processes on a
single system to communicate with each other. When a process creates a packet with destination
address as loopback address, the operating system loops it back to itself without having any
interference of NIC.

Data sent on loopback is forwarded by the operating system to a virtual network interface within
operating system. This address is mostly used for testing purposes like client-server architecture
on a single machine. Other than that, if a host machine can successfully ping 127.0.0.1 or any IP
from loopback range, implies that the TCP/IP software stack on the machine is successfully loaded
and working.

Link-local Addresses
In case a host is not able to acquire an IP address from the DHCP server and it has not been
assigned any IP address manually, the host can assign itself an IP address from a range of reserved
Link-local addresses. Link local address ranges from 169.254.0.0 -- 169.254.255.255.

Assume a network segment where all systems are configured to acquire IP addresses from a DHCP
server connected to the same network segment. If the DHCP server is not available, no host on
the segment will be able to communicate to any other. Windows (98 or later), and Mac OS (8.0 or
later) supports this functionality of self-configuration of Link-local IP address. In absence of DHCP
server, every host machine randomly chooses an IP address from the above mentioned range and
then checks to ascertain by means of ARP, if some other host also has not configured itself with
 the same IP address. Once all hosts are using link local addresses of same range, they can
communicate with each other.

These IP addresses cannot help system to communicate when they do not belong to the same
physical or logical segment. These IPs are also not routable.

Special IPv4 Addresses

Number of
Address block (CIDR) Range Scope
Addresses Purpose
Used for broadcast messages to the
0.0.0.0 –
0.0.0.0/8 16,777,216 software current ("this") network as specified
0.255.255.255
by RFC 1700, page 4.
Used for local communications within
10.0.0.0 – a private network as specified by RFC
10.0.0.0/8 16,777,216 private network
10.255.255.255 1918. See Private IP address space
section below.
Used for communications between a
100.64.0.0 – service provider and its subscribers
100.64.0.0/10 4,194,304 private network
100.127.255.255 when using a Carrier-grade NAT, as
specified by RFC 6598.
127.0.0.0 – Used for loopback addresses to the
127.0.0.0/8 16,777,216 host
127.255.255.255 local host, as specified by RFC 990.
Used for link-local addresses between
two hosts on a single link when no IP
169.254.0.0 – address is otherwise specified, such as
169.254.0.0/16 65,536 subnet
169.254.255.255 would have normally been retrieved
from a DHCP server, as specified
by RFC 3927.
Used for local communications within
172.16.0.0 – a private network as specified by RFC
172.16.0.0/12 1,048,576 private network
172.31.255.255 1918. See Private IP address space
section below.
Used for the IANA IPv4 Special
192.0.0.0 –
192.0.0.0/24 256 private network Purpose Address Registry as specified
192.0.0.255
by RFC 5736
Assigned as "TEST-NET" in RFC
192.0.2.0 – 5737 for use solely in documentation
192.0.2.0/24 256 documentation
192.0.2.255 and example source code and should
not be used publicly.
192.88.99.0 – Used by 6to4 anycast relays as
192.88.99.0/24 256 Internet
192.88.99.255 specified by RFC 3068.
Used for local communications within
192.168.0.0 – a private network as specified by RFC
192.168.0.0/16 65,536 private network
192.168.255.255 1918. See Private IP address space
section below.
Used for testing of inter-network
198.18.0.0 –
198.18.0.0/15 131,072 private network communications between two separate
198.19.255.255
subnets as specified in RFC 2544.
 Assigned as "TEST-NET-2" in RFC
198.51.100.0 – 5737 for use solely in documentation
198.51.100.0/24 256 documentation
198.51.100.255 and example source code and should
not be used publicly.
Assigned as "TEST-NET-3" in RFC
203.0.113.0 – 5737 for use solely in documentation
203.0.113.0/24 256 documentation
203.0.113.255 and example source code and should
not be used publicly.
Reserved for multicast assignments as
specified in RFC 5771.
224.0.0.0 – 233.252.0.0/24 is assigned as
224.0.0.0/4 268,435,456 Internet
239.255.255.255 "MCAST-TEST-NET" for use solely
in documentation and example source
code.
240.0.0.0 – Reserved for future use, as specified
240.0.0.0/4 268,435,455 n/a
255.255.255.254 by RFC 6890.
Reserved for the "limited broadcast"
255.255.255.255/32 255.255.255.255 1 n/a destination address, as specified
by RFC 6890.

5. Compare TCP/IP and OSI network model

OSI vs TCP/IP

What is OSI model?

The OSI stands for Open System Interconnection, which was developed in 1980s. It is a conceptual
model used for network communication. It is not implemented entirely, but it is still referenced
today. This OSI model consists of seven layers, and each layer is connected to each other. The
data moves down the OSI model, and each layer adds additional information. The data moves
down until it reaches the last layer of the OSI model. When the data is received at the last layer of
the OSI model, then the data is transmitted over the network. Once the data is reached on the
other side, then the process will get reversed.
What is TCP/IP model?
The TCP model stands for Transmission Control Protocol, whereas IP stands for Internet Protocol.
A number of protocols that make the internet possibly comes under the TCP/IP model. Nowadays,
we do not hear the name of the TCP/IP model much, we generally hear the name of the IPv4 or
IPv6, but it is still valid. This model consists of 4 layers. Now, we will look at the diagrammatic
representation of the TCP/IP model.
 As shown in the above diagram, the TCP/IP model has 4 layers, while the OSI model consists of 7
layers. Diagrammatically, it looks that the 4 layers of the TCP/IP model exactly fit the 7 layers of
the OSI model, but this is not reality. The application layer of the TCP/IP. model maps to the first
three layers, i.e., application, session, and presentation layer of the OSI model. The transport layer
of the TCP maps directly to the transport layer of the OSI model. The internet layer of the TCP/IP
model maps directly to the network layer of the OSI model. The last two layers of the OSI model
map to the network layer of the TCP/IP model. TCP/IP is the most widely used model as compared
to the OSI model for providing communication between computers over the internet.

Similarities between the OSI and TCP/IP model

The following are the similarities between the OSI and TCP/IP model:
o Share common architecture
Both the models are the logical models and having similar architectures as both the models are
constructed with the layers.
o Define standards
Both the layers have defined standards, and they also provide the framework used for
implementing the standards and devices.
o Simplified troubleshooting process
Both models have simplified the troubleshooting process by breaking the complex function into
simpler components.
o Pre-defined standards
The standards and protocols which are already pre-defined; these models do not redefine them;
they just reference or use them. For example, the Ethernet standards were already defined by the
IEEE before the development of these models; instead of recreating them, models have used
these pre-defined standards.
o Both have similar functionality of 'transport' and 'network' layers
The function which is performed between the 'presentation' and the 'network' layer is similar to
the function performed at the transport layer.

Let's see the differences between the OSI and TCP/IP model in a tabular form: