
CompTIA Network+ Certification Study Guide part 27 ppsx


CHAPTER 6: The OSI Model and Networking Protocols 246
TCP/IP protocols on the Internet and the IPX addresses used by the IPX/SPX
protocols on NetWare networks are examples of logical addresses. These
protocol stacks are referred to as routable because they include addressing
schemes that identify both the network or subnet and the particular
client on that network or subnet. Other network/transport protocols, such
as NetBIOS Extended User Interface (NetBEUI), do not have a sophisticated
addressing scheme (nor the programming intelligence of high OSI
model layers such as the network and transport layers), so they cannot
be routed across different networks. To make sure you
understand what is meant by this, view Figure 6.7. Here, you see a network
subdivided by different IP subnets (this will be covered in greater depth in
Chapter 7).
You can see that the local area networks (LANs) are connected to one
another via a WAN, using Frame Relay (both of which will be covered in depth
in Chapter 7). The most critical fact here is that all of this logical addressing
and routing is done at the network layer of the OSI model. Each subnet
must be unique, and each LAN will need to know how to get to the
other LANs. That’s where the WAN and the routers come in, acting as the
default gateway for your network. Also, you need to understand that logical
addressing (such as the 10.1.1.1 255.255.255.0 address being assigned to
the router on the LAN as the default gateway) is important; it defines how
and where the packets are sent and so on. So, now that you have assigned
the IP address, how does the MAC address tie in? Well, a TCP/IP protocol
called Address Resolution Protocol (ARP) will help map an IP address to a
physical machine address.
The network layer is also responsible for creating a virtual circuit
(a logical connection, not a physical connection) between points or nodes.
A node is a device that has a MAC address, which typically includes
computers, printers, and routers. This layer is also responsible for routing,
Layer 3 switching (which is nothing more than a Layer 2 switch with a
Layer 3 router built into it) and the forwarding of packets.

Note
To understand the difference between physical and logical addresses, consider this
analogy: if you buy a house, it has a physical address that identifies exactly where it is
located on the earth, at a specific latitude and longitude. This never changes (unless you
have a mobile home that can be moved from one plot of land to another). This is like the
MAC address on a NIC. Your house also has a logical address assigned to it by the post
office, consisting of a street number and street name. The city can (and occasionally
does) change the names of streets or renumber the houses located on them. This is like
the IP address assigned to a network interface.

Routing refers to forwarding packets from one network or subnet to
another. Without routing, computers can communicate only with other
computers that are on the same network via ARP broadcasts. Routing makes
it possible for computers to send data through many networks to other
computers that are on the other side of the world. Routing is the key to the
global Internet and is one of the most important duties of the network layer.
Routing is easy to remember and simple to understand. If you start with a LAN
that has the 10.1.1.0 255.255.255.0 network and you wanted to get to the
10.1.2.0 255.255.255.0 network (which has a different network number in
the third octet), you would need a router with a routing table (so it knows
where to send the packet) to get it there.
FIGURE 6.7 TCP/IP Networks Subdivided and Connected via Routers.
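The decision described above, written out as an added example that is not part of the study guide: the host checks whether the destination is on its own subnet (and so which IP address it must resolve with ARP), and the router picks a route by longest-prefix match. The host 10.1.1.50, the 192.168.0.x WAN next hops, the 10.1.0.0/16 summary route and the interface names are assumptions; the summary route goes slightly beyond the text to show why the most specific entry wins.

```python
import ipaddress

# Constructed sample data. The two LAN subnets and the 10.1.1.1 gateway come
# from the text; the host 10.1.1.50, the 192.168.0.x WAN next hops and the
# interface names are assumptions made for this example.
HOST_IF = ipaddress.ip_interface("10.1.1.50/255.255.255.0")
DEFAULT_GATEWAY = ipaddress.ip_address("10.1.1.1")

# Router's table: (destination network, next hop or None if connected, interface)
ROUTER_TABLE = [
    (ipaddress.ip_network("10.1.1.0/24"), None, "lan0"),
    (ipaddress.ip_network("10.1.2.0/24"), ipaddress.ip_address("192.168.0.2"), "wan0"),
    (ipaddress.ip_network("10.1.0.0/16"), ipaddress.ip_address("192.168.0.3"), "wan0"),
]


def host_arp_target(dst, iface=HOST_IF, gateway=DEFAULT_GATEWAY):
    """Return the IP address the sending host must resolve to a MAC with ARP.

    On-link destinations are reached directly; anything else is handed to the
    default gateway, so the frame carries the router's MAC, not the target's.
    """
    dst = ipaddress.ip_address(dst)
    return dst if dst in iface.network else gateway


def router_lookup(dst, table=ROUTER_TABLE):
    """Longest-prefix match: the most specific matching network wins.

    Returns (network, next_hop, interface), or None when no route exists and
    the packet has to be dropped.
    """
    dst = ipaddress.ip_address(dst)
    candidates = [route for route in table if dst in route[0]]
    return max(candidates, key=lambda r: r[0].prefixlen, default=None)


def trace(dst):
    """Describe what the host and then the router do with a packet for dst."""
    first_hop = host_arp_target(dst)
    if ipaddress.ip_address(dst) in HOST_IF.network:
        return f"{dst}: same subnet, ARP for {first_hop} and deliver directly"
    route = router_lookup(dst)
    if route is None:
        return f"{dst}: sent to gateway {first_hop}, router has no route, dropped"
    network, next_hop, iface = route
    via = f"next hop {next_hop}" if next_hop else "directly connected"
    return f"{dst}: sent to gateway {first_hop}, router matches {network} ({via}, {iface})"


if __name__ == "__main__":
    for destination in ("10.1.1.77", "10.1.2.20", "10.1.9.9", "172.16.5.5"):
        print(trace(destination))
```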
Finally, the network layer provides additional levels of flow control and
error control. As mentioned earlier, from this point on, the primary methods
of implementing the OSI model architecture involve software rather than
hardware.
Devices that operate at this layer include, most prominently, routers and
Layer 3 switches.

Layer 4: Transport
Layer 4 is the transport layer. As the name implies, it is responsible for
transporting the data from one node to another. It provides transparent
data transfer between nodes and manages the end-to-end flow control, error
detection, and error recovery.
The transport layer protocols initiate contact between host computers
and set up a virtual circuit. The transport protocols on each host computer
verify that the application sending the data is authorized to access the
network and that both ends are ready to initiate the data transfer. When
this synchronization is complete, the data can be sent. As the data is being
transmitted, the transport protocol on each host monitors the data flow and
watches for transport errors. If transport errors are detected, the transport
protocol can provide error recovery.
The functions performed by the transport layer are very important to
network communication. Just as the data link layer provides lower-level
reliability and connection-oriented or connectionless communications,
the transport layer does the same thing at a higher level. In fact, the two
protocols most commonly associated with the transport layer are defined by
their connection state: TCP, which is connection-oriented, and UDP,
which is connectionless.
What else does the transport layer do? It handles another aspect of logical
addressing: ports. If you think of a computer’s IP address as analogous to
the street address of a building, you can think of a port as a suite number
or apartment number within that building. It further defines exactly where
the data should go.
A computer might have several network applications running at the
same time: a Web browser sending a request to a Web server for a Web page,
an e-mail client sending and receiving mail, and a file transfer program
uploading or downloading information to and from an FTP server. There
must be some mechanism to determine which incoming data packets
belong to which application, and that’s the function of port numbers. The
FTP protocol used by that program is assigned a particular port, whereas
the Web browser and e-mail clients use different protocols (HTTP and Post
Office Protocol [POP3] or Internet Message Access Protocol [IMAP]) that
have their own assigned ports. Thus the information that is intended for
the Web browser doesn’t go to the e-mail program by mistake. Port numbers
are used by the transport layer protocols (TCP and UDP).
Finally, the transport layer deals with name resolution. Because human
beings prefer to identify computers by names instead of IP addresses (after
all, it’s easier to remember “www.microsoft.com” for Microsoft’s Web
server than “207.46.249.222,” for example), but computers know only
how to interpret numbers (and binary numbers, at that), there must be a
way for names to be matched with numerical addresses so that people and
computers don’t drive one another crazy. Name resolution methods such
as the domain name system (DNS) solve this problem, and they generally
operate at the upper layers of the OSI model.
HEAD OF THE CLASS…
Different Switches for Different Layers
Troubleshooting network problems requires that you
understand which protocols and devices operate at
which layers of the networking model. It’s important
to understand that all switches are not created equal.
There are actually several different types of devices
that are called switches and they operate at different
layers of the OSI model.
Layer 2 switches are sometimes called standard
switches. They operate at the data link layer and function
like sophisticated hubs. When a computer sends
data to a hub, the hub sends it back out on all ports, to
all the connected computers. A switch sends the data
only out the port to which the destination computer
(based on the addressing information in the headers)
is attached. This decreases the amount of unnecessary
traffic on the network and also increases security.
Layer 3 switches operate at the network layer
and are really a specialized type of router. They’re
sometimes called switched routers. Layer 3 switches
use the information in the packet headers to apply
policies, in addition to performing normal routing
functions.
Layer 4 switches operate at the transport layer
(in addition to the lower layers) and can use the port
number information from TCP or User Datagram
Protocol (UDP) headers. They can provide access
control lists (ACLs) to filter traffic for better security
and are able to control bandwidth allocation for load
balancing purposes. Some routers also function as
Layer 4 switches. These devices can help to identify
application layer (Layer 7) protocols, such as
Hypertext Transfer Protocol (HTTP), File Transfer
Protocol (FTP), and so on.
Layer 5: Session
After the transport layer has established the virtual connection, a communication
session can be established. A communication session occurs between
two processes on two different computers. The session layer is responsible
for establishing, monitoring, and terminating sessions, using the virtual
circuits established by the transport layer.
The session layer is also responsible for putting header information into
data packets to indicate where the message begins and ends. Once header
information is attached to the data packets, the session layer performs
synchronization between the sender’s session layer and the receiver’s
session layer. The use of acknowledgement (ACK) messages helps coordinate
transfer of data at the session layer.
A very important function of the session layer is controlling whether
the communications within a session are sent as full-duplex or half-duplex
messages. Half-duplex communication goes in both directions between
the communicating computers, but information can travel in only one
direction at a time (as with walkie-talkie radio communications, in which
you have to hold down the microphone button to transmit and cannot hear
the person on the other end when you do). With full-duplex communication,
information can be sent in both directions at the same time (as in a
regular telephone conversation, in which both parties can talk and hear one
another at the same time).
HEAD OF THE CLASS…
Connection-Oriented versus Connectionless
What’s the difference between a connection-oriented
and a connectionless protocol? A connection-oriented
protocol such as TCP creates a connection between
the two computers before actually sending the data and
then verifies that the data has reached its destination
by using acknowledgements (messages sent back to
the sending computer from the receiving computer that
acknowledge receipt). Connectionless protocols send the
data and trust that it will reach the proper destination.
Consider an analogy: you need to send a very important
letter to a business associate, containing valuable
papers that must not get lost along the way. You call
him before mailing the letter, to let him know he should
expect it (establishing the connection). You might even
insure it or send it via certified mail. After a few days
have passed, your friend calls you back to let you know
that he did receive the letter or you get back the return
receipt that you requested (acknowledgement). This is
the way a connection-oriented communication works.
It’s different from mailing a relatively unimportant item,
such as a postcard to a friend when you’re on vacation.
In that case, you just drop it in the mailbox and hope
it gets to the addressee. You don’t expect or require
any acknowledgement. This is like a connectionless
communication.
Although the transport layer establishes a connection between two
machines, the session layer establishes a connection between two processes.
A process is a defined task related to an application. An application may run
many processes simultaneously to accomplish the work of the application.
These processes are small executable files that together do the work
required by the application. You can view the processes running on your
Windows-based computer by pressing Ctrl+Alt+Del, selecting Task
Manager, and then clicking the Processes tab. You’ll notice you have far
more processes running than applications since each application typically
runs more than one process at a time.
The session layer, then, is responsible for setting up the connection
between an application process on one computer and an application process
on another computer, after the transport layer has established the connection
between the two machines.
There are many important protocols that operate at the session layer,
including Windows Sockets (the Winsock interface) and NetBIOS (the
Network Basic Input/Output interface).

Layer 6: Presentation
Data translation is the primary activity of Layer 6, the presentation
layer. When data is sent from sender to receiver, the data is translated at
the presentation layer. The sender’s application passes data down to the
presentation layer, where it is put into a common format. When the data
is received on the other end, the presentation layer changes the data from
the common format back into a format that is useable by the application.
Protocol translation, the conversion of data from one protocol to another so
that it can be exchanged between computers that use different platforms or
operating systems, takes place here.
This is the layer at which many gateway services operate. Gateways
are connection points between networks that use different platforms or
applications. Examples include e-mail gateways (which allow for communications
between two different e-mail programs using a common
protocol such as Simple Mail Transfer Protocol [SMTP]), Systems Network
Architecture (SNA) gateways (which allow PCs to communicate with
mainframe computers), and gateways that cross platforms or file systems
(for example, allowing Microsoft clients that use the Server Message Block
[SMB] protocol for file sharing to access files on NetWare servers that use
NetWare Core Protocol). Gateways are usually implemented via software,
such as the Gateway Services for NetWare (GSNW). Software redirectors
also operate at this layer.
This layer is also where data compression can take place, to minimize
the actual number of bits that must be transmitted on the network media to
the receiver. Data encryption and decryption take place in the presentation
layer as well.

Note
Earlier in this chapter, we mentioned multiplexing. Computer communications can be in
half-duplex or full-duplex mode. Simplex, or unidirectional (one-way) communication,
generally is not used in computer networking. It is the type of communication used for
radio and over-the-air TV broadcasts (many cable television [CATV] transmissions now
use two-way signaling to allow for interactive TV).

Layer 7: Application
The application layer is the point at which the user application program
interacts with the network. This layer of the OSI model should not be
confused with the application itself. This is very important to understand
and remember, as they share the same name. Application processes, such as
file transfers or e-mail, are initiated within a user application (for example,
an e-mail program). Then the data created by that process are handed to
the application layer of the networking software. Everything that occurs at
this level is application-specific. File sharing, remote printer access, network
monitoring and management, Remote Procedure Calls (RPCs), and all forms
of electronic messaging occur at this level.
Both FTP (a common way of transferring files across a network) and
Telnet function within the application layer, as do SMTP, POP3, and
IMAP4, all of which are used for sending or receiving e-mail. There are
many other application layer protocols, including HTTP, Network News
Transfer Protocol (NNTP), and Simple Network Management Protocol
(SNMP).
Be sure to distinguish between the protocols mentioned and applications
that may bear the same names. There are many different FTP programs
made by different software vendors, but all of them use the FTP protocol to
transfer files.

Test Day Tip
Although it’s important to understand the details of the OSI model for the exam, you’re
likely to run into a limited number of questions related to the specific layers of the
model. Understanding the basic functions of each layer will help you easily identify
correct answers to the questions you may see on the exam. It is especially important to
remember that, when troubleshooting, you should start with Layer 1 (physical) and work
your way up. A common error among technicians and network administrators is starting
to troubleshoot at Layer 7. Greater detail about troubleshooting with the OSI model can
be found in Chapter 11, “Network Troubleshooting Tools.”

Encapsulation of Data
One last item to cover before we move on to new material is that you should
make sure you understand what encapsulation is and how it works. Notice
that each layer in Figure 6.8 adds a header to the data packet so that by the
time it reaches the physical layer (the last one on the bottom), it is much
longer than when it started at the application layer. When data is received by
the receiving host, the headers are stripped off as the data moves back up the
stack, one layer at a time, by the layer that corresponds to the one that added
it. This means that each layer on the sending computer communicates only
with the layer of the same name on the receiving machine.
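Encapsulation and the port-based delivery described under Layer 4, as an added example that is not part of the study guide: the sender wraps application data in TCP, IPv4 and Ethernet headers, and the receiver strips them bottom-up, checks every length field, and uses the destination port to pick the application or deny the traffic as a Layer 4 ACL would. The MAC and IP addresses, the source ports and the function names are assumptions made for the example.

```python
import socket
import struct

# Constructed sample values (assumptions for this example, not from the page).
SRC_MAC, DST_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SRC_IP, DST_IP = "10.1.1.50", "10.1.2.20"
# Well-known TCP ports for the protocols the text names.
APPS = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}


def encapsulate(payload, src_port, dst_port):
    """Sender side: wrap data in TCP, then IPv4, then Ethernet headers.

    Checksums are left at zero to keep the example short.
    """
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp + payload                                  # Layer 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    packet = ip + segment                                    # Layer 3
    return struct.pack("!6s6sH", DST_MAC, SRC_MAC, 0x0800) + packet  # Layer 2


def decapsulate(frame):
    """Receiver side: strip headers bottom-up, validating every length field."""
    if len(frame) < 14 + 20:
        raise ValueError("too short for Ethernet + IPv4 headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    packet = frame[14:]
    ver_ihl, total_len, proto = packet[0], struct.unpack("!H", packet[2:4])[0], packet[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("inconsistent IPv4 header")
    if proto != socket.IPPROTO_TCP:
        raise ValueError("payload is not TCP")
    segment = packet[ihl:total_len]
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    if not 20 <= data_offset <= len(segment):
        raise ValueError("bad TCP data offset")
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "src_port": src_port, "dst_port": dst_port, "payload": segment[data_offset:]}


def deliver(frame, permitted_ports=frozenset(APPS)):
    """Port-based demultiplexing with a Layer 4 style permit list."""
    info = decapsulate(frame)
    if info["dst_port"] not in permitted_ports:
        return "denied"
    return APPS.get(info["dst_port"], "unknown")
```

Each layer's header adds a fixed cost here (14, 20 and 20 bytes), so an 18-byte HTTP request leaves the sender as a 72-byte frame.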
FIGURE 6.8 Data Moving through the OSI Layers.
The Microsoft Model
Prior to the release of Windows NT 3.1, users who wanted to connect to
a network had to obtain the TCP/IP protocol suite from a third party and
install it. TCP/IP did not come bundled with the software. At times, the
TCP/IP software that was purchased didn’t work well with the operating
system (OS) because it handled various tasks of network communication in
a slightly different way than did the operating system. This sometimes led to
intermittent network problems or time spent troubleshooting TCP/IP and
operating system interoperability.
With the release of Windows NT 3.1, TCP/IP was built into the operating
system, providing a seamless integration of networking functionality in the
OS. Since that time, it has become standard to provide TCP/IP with the
operating system because many computers today connect to a network in
one form or another.
The Microsoft model as seen in Figure 6.9 provides a standard platform
for application developers.
This modular design enables the developer to rely upon the underlying
services of the OS through the use of standard interfaces. (Sound familiar to
the discussion we had earlier on the DoD and OSI models?) These interfaces
provide specific functionality developers can use as building blocks to develop
an application. This makes development time shorter and provides common
interfaces for users, making learning and using new applications easier.
FIGURE 6.9 The Microsoft Model.
Though the Microsoft model is used primarily by programmers, it’s
important to understand this framework as we explore how TCP/IP works
on a Microsoft Windows-based computer.
Understanding the Function of Boundary Layers
The Microsoft model describes software and hardware components and
the connections between them that facilitate computer networking. This
modular approach both allows and encourages hardware and software
vendors to develop products that work together through the Microsoft
operating system. Boundary layers are interfaces that reside at the boundaries
of functionality. They interact with the layer below and the layer above,
providing an interface from one layer to the next.
Within each layer, various components perform the tasks defined at
the layer. A variety of components can provide similar functionality at any
given layer. This modular approach provides flexibility for developers while
providing common interfaces that reduce development time and cost.
A vendor can provide new functionality at any of these layers, knowing their
products will integrate with the other layers to provide seamless network
communications. The interfaces defined by Microsoft are the Network Driver
Interface Specification (NDIS), Transport Driver Interface (TDI), and the application
program interface (API). Figure 6.9 shows the relationship of these boundary
layers to both the OSI model and to the Microsoft Architecture.
The Windows OS is divided into three primary areas: the User, the
Executive, and the Kernel. The Kernel is the core of the Microsoft operating
system architecture and it manages the most basic operations including
interacting with the hardware abstraction layer that interacts with the
hardware (CPU, memory, etc.). The Kernel also synchronizes activities with
the Executive level, which includes the Input/Output (I/O) Manager and the
Process Manager. The User level interacts with the Executive level; this is
the level at which most applications and user interfaces reside.
The NDIS Boundary Layer
The NDIS works at the bottom of the networking architecture and maps to
the data link layer of the OSI model and the Network Interface layer of the
DARPA model. The NDIS layer is the boundary between the physical network
(physical layer of the OSI model) and the higher-level transport protocols. This
layer provides the standardized functions that allow various transport protocols
to use any network device driver that is compatible with the specifications of
this layer, providing both flexibility and reliability to developers. The earliest
versions of NDIS were developed by a Microsoft and 3Com joint effort. Later
NDIS versions are proprietary to Microsoft operating systems.
