THA Learning: The OSI Model – How We Move Data

Understanding how information flows is a critical part of any network engineering role, including that of the penetration tester. A good mechanic must have a thorough understanding of the workings of the internal combustion engine; otherwise, their ability to learn and adapt from car to car would be very limited. The same is true of network engineers and the knowledge of how communication protocols are designed. The standard for the design of these protocols is the Open Systems Interconnection (OSI) Model.

The OSI Model is a theoretical architecture for explaining and understanding how communication systems like computers interact with one another. It is broken into seven layers that each serve a distinct and necessary purpose in the communication process. Bear in mind that since this is theoretical, literal protocols are developed with this as a guideline and it is really a tool to help us understand network communication as information goes from our fingertips all the way down to bits on a wire. Let’s discuss each of these layers one at a time.

Application Layer

This is the highest layer. It is the piece that connects the user directly to the rest of the stack. This layer makes it possible for programmers to write software without having to know how to build network packets for communication. Without this layer, every programmer would have to know how to take their information, break it up, transmit data, etc. Instead, we can just use APIs (Application Programming Interfaces) that allow us to send our information to a function that runs it through the rest of the stack without us having to know the rules. Common protocols of TCP/IP that are associated with this layer are HTTP, FTP and SMTP. You might recognize those as protocols associated with the applications you use on a daily basis, such as web browsers, file transfer and email.

[Figure: Application Layer Data]

Presentation Layer

This layer does exactly as its name professes: it presents the information to the next layer in the format that is required. The Application layer can have all kinds of custom encoding and formatting information but the Session Layer (the next layer in communication) requires that information be encoded a certain way so the Presentation Layer translates that so it can be packed up for shipping on to the network. This layer also handles certain types of encryption as well as the compression of data before it’s transported.

[Figure: Presentation Layer Encoding]

Session Layer

This is where the communication management begins. At its most basic level, network communication is a conversation between two machines. The Session layer is somewhat responsible for managing that conversation: initiating it, gracefully concluding it and also making sure that, if the conversation gets interrupted, both parties know how to pick up where they left off. To do this, the Session Layer establishes checkpoints through the conversation so that there are defined locations for the communication to be reestablished if it becomes necessary.

[Figure: Session Layer Header]

Transport Layer

This is where your transmissions really begin. The Transport Layer is the gateway between the upper layers of the OSI Model, which focus on the application, and the lower layers of the OSI Model, which focus on the network. The Transport Layer takes your data and dissects it into digestible pieces for the layers below. This layer manages the end-to-end communication between two hosts, making sure that one system isn’t sending data too fast and overloading the other machine’s buffer. The protocols that operate at this layer are sometimes connectionless, meaning they don’t require the recipient host to acknowledge that it received any information, and other times they are connection-oriented, so each computer is responsible for sending data and acknowledging when that data is received. When the Transport Layer realizes that the destination host has not received a certain packet, it sends it again, ensuring that all data is completely received. By means of error checking, the Transport Layer will also verify that the message sent has not been corrupted on its way to the destination. Well-known protocols that operate at this layer are TCP and UDP.

[Figure: Transport Layer Header]

Network Layer

If this process were comparable to mailing a letter, this layer is where your information gets put in an envelope and addressed. The most widely used Network Layer protocol is the Internet Protocol or IP and this communication relies on the assignment of IP addresses. Every computer on a network must have a unique address and the packets require a source and a destination address for communication. It’s important to note that not all computers are on the same network so information has to be routed from one network to the next until it reaches its destination. The Network Layer handles this message forwarding process.

[Figure: Network Layer Header]

Data Link Layer

This layer is the last step before our data is actually an electric blip or light pulse across a network cable. If we think about the Network Layer above and its ability to route information across multiple networks to get to a destination, we could say that it handles transmission from Point A to Point Z. The Data Link Layer is not concerned with that. Its primary concern is managing the physical transmission of data from Point A to Point B, then Point B to Point C, Point C to Point D and so on. To handle this, the Data Link Layer is broken into two sublayers: the Logical Link Control (LLC) Layer and the Media Access Control (MAC) Layer. The LLC primarily handles error checking and makes sure that there weren’t any physical errors in the transmission of the data. The MAC layer is the traffic cop for communication. It makes sure that the wire is clear to send data onto. It also manages the physical addressing. Each network node has a physical or MAC address and it is unique to that one node, distinguishing it from all others. When two networking devices on a local network communicate with each other, the MAC address is what they use to recognize each other. The IP address that we assign to a network node is virtual and needs to be translated back to a MAC address in order for the systems to talk to each other. There is a specific protocol in the TCP/IP suite that handles this: Address Resolution Protocol (ARP). ARP requests are simple messages sent out onto a network to ask “What is the MAC Address for the IP Address 192.168.1.12?”. Once it has that information, the Data Link Layer can pass the data frame on for transmission to its destination.
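The ARP question and its answer, shown as the actual bytes both sides put on the wire. This is an added example, not code from the original article; the MAC addresses and the asking host's IP (192.168.1.10) are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip, eth_dst):
    """Ethernet II frame (EtherType 0x0806) carrying one ARP message."""
    eth = mac(eth_dst) + mac(sender_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac(sender_mac), socket.inet_aton(sender_ip),
                      mac(target_mac), socket.inet_aton(target_ip))
    return eth + arp

def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, _, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    *_, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"eth_dst": eth_dst.hex(":"), "oper": oper,
            "sender_mac": sha.hex(":"), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": tha.hex(":"), "target_ip": socket.inet_ntoa(tpa)}

def answer(request: bytes, my_ip: str, my_mac: str):
    """Owner of the IP replies by unicast; every other host stays silent."""
    req = parse_arp(request)
    if req["oper"] != 1 or req["target_ip"] != my_ip:
        return None
    return build_arp(2, my_mac, my_ip, req["sender_mac"], req["sender_ip"],
                     eth_dst=req["sender_mac"])

def learn(cache: dict, frame: bytes) -> dict:
    """Asker records the IP-to-MAC mapping carried in a reply (oper 2)."""
    msg = parse_arp(frame)
    if msg["oper"] == 2:
        cache[msg["sender_ip"]] = msg["sender_mac"]
    return cache

# "What is the MAC address for 192.168.1.12?" sent to every node on the segment.
REQUEST = build_arp(1, "02:00:00:00:00:0a", "192.168.1.10",
                    "00:00:00:00:00:00", "192.168.1.12", eth_dst=BROADCAST)
REPLY = answer(REQUEST, "192.168.1.12", "02:00:00:00:00:0c")
CACHE = learn({}, REPLY)
```

The request goes to the broadcast MAC because the asker does not yet know who owns the IP; the reply is addressed directly to the asker.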

[Figure: Data Link Layer Frame Header]

Physical Layer

This layer signifies the physical hardware used in transmitting data across a network. The Physical layer represents the actual transmission of 1’s and 0’s across some network medium.

Conclusion

What we’ve ultimately discussed here is the process that information takes as it goes from the applications we use and is packaged then dissected into bits on a wire or flying through the air. Once the bits are picked up by the corresponding destination computer, the entire process discussed above is reversed. Each layer at the destination computer will strip away the header information added by the corresponding layer on the source machine and use it to handle the data. Each layer is responsible for knowing how to communicate with the layer directly above it and directly below it depending on whether it is sending or receiving data.

The OSI Model is a fundamental key to having a thorough knowledge of network communications. The industry is loaded with terminology that references the OSI Model, including Layer 2, Layer 3 and Layer 4 Switching. The entire TCP/IP framework is built on and mapped to the OSI Model. Knowledge of this information will be critical for anyone endeavoring to strike out into the world of professional penetration testing, and we at The Hacker Academy encourage you to use this information as a jumping-off point to delve into an understanding of protocols and communications. It will only make you better at what you do.
