Osi_model
Chapter 1: OSI Model - 7 Layers Explained in Detail
Section titled “Chapter 1: OSI Model - 7 Layers Explained in Detail”The Foundation of Networking
Section titled “The Foundation of Networking”The OSI (Open Systems Interconnection) model is the cornerstone of modern networking. Developed by the International Organization for Standardization (ISO) in 1984, it provides a conceptual framework that standardizes network communication functions into seven distinct layers. Understanding this model is essential for any network administrator, DevOps engineer, or system administrator.
This chapter will take you through each layer in exhaustive detail, explaining not just what each layer does, but why it exists, how it interacts with other layers, and practical examples of protocols and devices at each level.
1.1 Why Do We Need the OSI Model?
Section titled “1.1 Why Do We Need the OSI Model?”Before diving into the layers, let’s understand why the OSI model was created and why it remains relevant today.
The Problem Before OSI
Section titled “The Problem Before OSI”In the early 1980s, different computer manufacturers had their own networking systems that couldn’t communicate with each other:
- IBM used SNA (Systems Network Architecture)
- Digital Equipment Corporation used DECnet
- Xerox used XNS
- Apple used AppleTalk
Each system was proprietary and incompatible with others. This created a significant problem: organizations couldn’t mix and match equipment from different vendors, and connecting different networks was extremely difficult.
The Solution: A Reference Model
Section titled “The Solution: A Reference Model”The OSI model was created to solve this problem by providing a common language and reference framework. It doesn’t specify exactly how to implement networking - instead, it defines what each part of networking should do, allowing different vendors to create compatible products.
Key Benefits of the OSI Model
Section titled “Key Benefits of the OSI Model”+------------------------------------------------------------------+| Benefits of OSI Model |+------------------------------------------------------------------+| || 1. STANDARDIZATION || - Vendors can create compatible products || - Allows multi-vendor networks || || 2. MODULARITY || - Each layer can be developed independently || - Changes in one layer don't affect others || - Easier troubleshooting || || 3. INTEROPERABILITY || - Different vendor devices can work together || - Legacy systems can integrate with new ones || || 4. UNDERSTANDING || - Provides mental model for troubleshooting || - Helps diagnose where problems occur || - Simplifies learning networking || || 5. DEVELOPMENT GUIDANCE || - Shows what functionality is needed at each level || - Helps developers know what to implement || |+------------------------------------------------------------------+1.2 The Seven Layers Overview
Section titled “1.2 The Seven Layers Overview”Here’s a high-level overview before we dive deep into each layer:
+------------------------------------------------------------------+| OSI Model - Complete View |+------------------------------------------------------------------+
Layer | Name | Function | Examples-------|-------------------|------------------------------|------------------7 | Application | User interface, network | HTTP, DNS, FTP | | services to applications | SMTP, SSH-------|-------------------|------------------------------|------------------6 | Presentation | Data translation, | SSL/TLS, JPEG | | encryption, compression | ASCII, GIF-------|-------------------|------------------------------|------------------5 | Session | Session management, | RPC, NetBIOS | | authentication | PPTP, SQL-------|-------------------|------------------------------|------------------4 | Transport | End-to-end connection, | TCP, UDP | | reliability | SCTP-------|-------------------|------------------------------|------------------3 | Network | Routing, logical addressing | IP, ICMP, OSPF | | | BGP, IGMP-------|-------------------|------------------------------|------------------2 | Data Link | Physical addressing, | Ethernet, WiFi | | framing, error detection | PPP, Frame Relay-------|-------------------|------------------------------|------------------1 | Physical | Physical transmission, | Cables, Hubs | | bits over medium | NICs, Signals+------------------------------------------------------------------+
Mnemonic for Remembering Layers (Bottom to Top):"Please Do Not Throw Sausage Pizza Away"Physical -> Data Link -> Network -> Transport -> Session -> Presentation -> Application
Or from Top to Application:"All People Seem To Need Data Processing"Application -> Presentation -> Session -> Transport -> Network -> Data Link -> Physical
+------------------------------------------------------------------+1.3 Layer-by-Layer Deep Dive
Section titled “1.3 Layer-by-Layer Deep Dive”Layer 7: Application Layer
Section titled “Layer 7: Application Layer”The Application Layer is the layer users interact with most directly. It’s where network services meet user applications.
What Happens at the Application Layer
Section titled “What Happens at the Application Layer”When you use any network application, you’re working at Layer 7. This layer doesn’t just mean “applications” like Microsoft Word or Chrome - it means the network-aware portion of any software.
+------------------------------------------------------------------+| Application Layer - Detailed Functions |+------------------------------------------------------------------+
1. NETWORK ACCESS TO APPLICATIONS - Provides interface between network services and applications - Example: When you open a webpage, browser calls HTTP
2. IDENTIFICATION OF COMMUNICATION PARTNERS - Determines identity and availability of communication partners - Example: DNS lookup to find server IP
3. SYNCHRONIZATION OF COMMUNICATION - Coordinates who talks when - Example: WebSocket protocol for real-time communication
4. RESOURCE ALLOCATION - Determines if enough resources for communication - Example: Checking if server can handle more connections
5. DATA FORMATING - Presents data in usable format - But actual translation is Layer 6
+------------------------------------------------------------------+Protocols at Layer 7
Section titled “Protocols at Layer 7”+------------------------------------------------------------------+| Application Layer Protocols |+------------------------------------------------------------------+
WEB PROTOCOLS:+------------------------------------------------------------------+| Protocol | Port | Description | Use Case ||---------|------|--------------------------------|-----------------|| HTTP | 80 | HyperText Transfer Protocol | Web browsing || HTTPS | 443 | HTTP over TLS/SSL | Secure web || HTTP/2 | 443 | Faster HTTP | Modern web || HTTP/3 | 443 | QUIC-based | Latest web |+------------------------------------------------------------------+
FILE TRANSFER PROTOCOLS:+------------------------------------------------------------------+| Protocol | Port | Description | Use Case ||---------|------|--------------------------------|-----------------|| FTP | 21 | File Transfer Protocol | File upload || FTPS | 990 | FTP over implicit TLS | Secure upload || SFTP | 22 | SSH File Transfer Protocol | Secure transfer || SCP | 22 | Secure Copy | Secure copy || TFTP | 69 | Trivial FTP | Boot files |+------------------------------------------------------------------+
EMAIL PROTOCOLS:+------------------------------------------------------------------+| Protocol | Port | Description | Use Case ||---------|------|--------------------------------|-----------------|| SMTP | 25/587| Simple Mail Transfer | Sending email || POP3 | 110 | Post Office v3 | Retrieving email|| IMAP | 143 | Internet Message Access | Email access || IMAPS | 993 | IMAP over SSL | Secure email |+------------------------------------------------------------------+
REMOTE ACCESS PROTOCOLS:+------------------------------------------------------------------+| Protocol | Port | Description | Use Case ||---------|------|--------------------------------|-----------------|| SSH | 22 | Secure Shell | Secure remote || Telnet | 23 | Terminal emulation | Legacy remote || RDP | 3389 | Remote Desktop Protocol | Windows remote || VNC | 5900 | Virtual Network Computing | Cross-platform |+------------------------------------------------------------------+
NETWORK MANAGEMENT:+------------------------------------------------------------------+| Protocol | Port | Description | Use Case ||---------|------|--------------------------------|-----------------|| SNMP | 161/162| Simple Network Management | Network monitor || Syslog | 514 | System Logging | Log collection |+------------------------------------------------------------------+
NAME RESOLUTION:+------------------------------------------------------------------+| Protocol | Port | Description | Use Case ||---------|------|--------------------------------|-----------------|| DNS | 53 | Domain Name System | Name lookup || mDNS | 5353 | Multicast DNS | Local discovery|+------------------------------------------------------------------+
DYNAMIC HOST CONFIGURATION:+------------------------------------------------------------------+| Protocol | Port | Description | Use Case ||---------|------|--------------------------------|-----------------|| DHCP | 67/68| Dynamic Host Config | IP assignment || BOOTP | 67/68| Bootstrap Protocol | Diskless boot |+------------------------------------------------------------------+
+------------------------------------------------------------------+Real-World Example: HTTP Request
Section titled “Real-World Example: HTTP Request”When you type “https://www.example.com/page” in your browser:
Step-by-step HTTP Request:+------------------------------------------------------------------+
1. Browser extracts hostname: www.example.com2. Browser checks local cache for IP3. If not found, queries DNS for IP address (DNS is also Layer 7!)4. Browser establishes TCP connection to port 443 (HTTPS)5. Browser initiates TLS handshake (Layer 6/7)6. Browser sends HTTP request:
GET /page HTTP/1.1 Host: www.example.com Accept: text/html Accept-Language: en-US User-Agent: Mozilla/5.0...
7. Server processes request and responds with HTTP response:
HTTP/1.1 200 OK Content-Type: text/html Content-Length: 1234
<html>...content...</html>
8. Browser renders the HTML content
+------------------------------------------------------------------+Layer 6: Presentation Layer
Section titled “Layer 6: Presentation Layer”The Presentation Layer is responsible for data translation, ensuring data from the Application Layer of one system can be understood by the Application Layer of another system.
Why Do We Need the Presentation Layer?
Section titled “Why Do We Need the Presentation Layer?”Different computer systems represent data differently:
- Mainframes use EBCDIC encoding
- PCs typically use ASCII
- Some systems use Unicode
- Images can be JPEG, PNG, GIF, BMP
- Data can be encrypted or compressed
The Presentation Layer bridges these differences.
+------------------------------------------------------------------+| Presentation Layer - Functions |+------------------------------------------------------------------+
1. DATA TRANSLATION - Converts between character sets (ASCII ↔ EBCDIC) - Ensures consistent data representation - Handles endianness (big-endian vs little-endian)
2. DATA COMPRESSION - Reduces size for faster transmission - Techniques: JPEG, MPEG, ZIP - Can be lossy or lossless
3. DATA ENCRYPTION/DECRYPTION - Protects data during transmission - Provides confidentiality - Examples: TLS/SSL, AES at presentation level
4. SERIALIZATION - Converts complex data structures to flat format - Example: Converting object to XML or JSON for transmission - Enables data exchange between different systems
+------------------------------------------------------------------+Standards and Formats at Layer 6
Section titled “Standards and Formats at Layer 6”+------------------------------------------------------------------+| Presentation Layer Standards |+------------------------------------------------------------------+
ENCODING STANDARDS:+------------------------------------------------------------------+| Standard | Description ||-------------|------------------------------------------------------|| ASCII | 7-bit character encoding (128 characters) || Extended ASCII | 8-bit encoding (256 characters) || ISO-8859-1 | Latin-1 Western European || UTF-8 | Variable-length Unicode (1-4 bytes) || UTF-16 | Variable-length Unicode (2-4 bytes) || EBCDIC | Extended Binary Coded Decimal (IBM mainframes) |+------------------------------------------------------------------+
IMAGE FORMATS:+------------------------------------------------------------------+| Format | Type | Description ||--------|-----------|----------------------------------------------|| JPEG | Lossy | Joint Photographic Experts Group || PNG | Lossless | Portable Network Graphics || GIF | Lossless | Graphics Interchange Format || TIFF | Lossless | Tagged Image File Format || BMP | Uncompressed| Bitmap |+------------------------------------------------------------------+
VIDEO FORMATS:+------------------------------------------------------------------+| Format | Description ||--------|----------------------------------------------------------|| MPEG | Moving Picture Experts Group (video compression) || MP4 | MPEG-4 Part 14 (audio/video container) || AVI | Audio Video Interleave || WebM | Open media container (VP8/VP9 video) |+------------------------------------------------------------------+
ENCRYPTION STANDARDS:+------------------------------------------------------------------+| Standard | Description ||----------|-------------------------------------------------------|| TLS/SSL | Transport Layer Security (successor to SSL) || AES | Advanced Encryption Standard || DES | Data Encryption Standard (deprecated) || 3DES | Triple DES (deprecated) |+------------------------------------------------------------------+
DATA SERIALIZATION:+------------------------------------------------------------------+| Format | Description ||--------|---------------------------------------------------------|| JSON | JavaScript Object Notation || XML | Extensible Markup Language || YAML | YAML Ain't Markup Language || Protocol Buffers | Google's binary serialization || Thrift | Facebook's cross-language serialization |+------------------------------------------------------------------+
+------------------------------------------------------------------+SSL/TLS: The Most Common Layer 6 Protocol
Section titled “SSL/TLS: The Most Common Layer 6 Protocol”SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are the most common Layer 6 protocols in modern networking.
+------------------------------------------------------------------+| TLS Handshake Process |+------------------------------------------------------------------+
Client Server | | |-------- ClientHello (TLS version, cipher | | suites, random number)--------------->| | | |<------- ServerHello (chosen cipher, | | server certificate, random)----------| | | |<------- Certificate (server public key)-----| | | |<------- ServerKeyExchange (if needed)-------| | | |<------- CertificateRequest (if client auth)--| | | |<------- ServerHelloDone---------------------| | | |-------- ClientKeyExchange (pre-master secret)| |-------- CertificateVerify (if client auth)---| |-------- ChangeCipherSpec (encrypting now)----| |-------- Finished (encrypted handshake)------>| | | |<------- ChangeCipherSpec (encrypting now)----| |<------- Finished (encrypted handshake)--------| | | |======== Application Data (encrypted) ========>| | | | |
TLS Versions:+------------------------------------------------------------------+| Version | Status | Security | Notes ||---------|---------------|-------------|------------------------|| SSL 1.0 | Deprecated | Very Weak | Never publicly released|| SSL 2.0 | Deprecated | Weak | Many vulnerabilities || SSL 3.0 | Deprecated | Weak | POODLE attack || TLS 1.0 | Deprecated | Weak | BEAST attack || TLS 1.1 | Deprecated | Moderate | Vulnerable to attacks || TLS 1.2 | Current | Strong | Supports AEAD || TLS 1.3 | Current | Very Strong | Simplified handshake |+------------------------------------------------------------------+
+------------------------------------------------------------------+Layer 5: Session Layer
Section titled “Layer 5: Session Layer”The Session Layer manages the establishment, maintenance, and termination of sessions between applications.
Session Management Functions
Section titled “Session Management Functions”+------------------------------------------------------------------+| Session Layer - Functions |+------------------------------------------------------------------+
1. SESSION ESTABLISHMENT - Negotiate and establish connection - Exchange authentication information - Agree on session parameters
2. SESSION MAINTENANCE - Keep session alive during idle periods - Handle checkpointing for long transfers - Manage dialog control (full-duplex/half-duplex)
3. SESSION TERMINATION - Graceful shutdown of session - Clean resource release - Handle abnormal disconnections
4. SESSION RECOVERY - Implement checkpoints - Resume from last checkpoint after failure - Handle lost packets
5. SYNCHRONIZATION - Insert synchronization points in data stream - Allow selective retransmission
+------------------------------------------------------------------+Session Layer Protocols
Section titled “Session Layer Protocols”+------------------------------------------------------------------+| Session Layer Protocols |+------------------------------------------------------------------+
PROTOCOL | DESCRIPTION |-------------------|------------------------------------------------|NetBIOS | Network Basic Input/Output System - provides| | session services for LAN operations |-------------------|------------------------------------------------|RPC (Remote | Allows program to execute on another |Procedure Call) | computer - creates session for procedure |-------------------|------------------------------------------------|SQL*NET | Oracle's network protocol for database | | communication |-------------------|------------------------------------------------|NFS (Network | Allows mounting remote file systems |File System) | as local directories |-------------------|------------------------------------------------|PPTP (Point-to-Point| Creates VPN tunnels over IP networks |Tunneling Protocol)| |-------------------|------------------------------------------------|SDP (Session | Announces and negotiates multimedia |Description Protocol)| session parameters |-------------------|------------------------------------------------|WebSocket | Full-duplex communication channel for | | real-time web communication |
+------------------------------------------------------------------+How Sessions Work: Practical Example
Section titled “How Sessions Work: Practical Example”+------------------------------------------------------------------+| FTP Session as Session Layer Example |+------------------------------------------------------------------+
FTP Session Lifecycle:
1. CONTROL CONNECTION ESTABLISHMENT (Port 21) +------------------------------------------------------------------+ | Client connects to server port 21 | | Server responds with 220 (Service ready) | | Client sends USER command | | Server responds with 331 (Password required) | | Client sends PASS command | | Server responds with 230 (User logged in) | +------------------------------------------------------------------+
2. DATA CONNECTION ESTABLISHMENT (For each file transfer) +------------------------------------------------------------------+ | Client sends PASV command (passive mode) | | Server responds with 227 (entering passive mode) | | Client connects to server's data port | | Data transfer begins | +------------------------------------------------------------------+
3. SESSION MAINTENANCE +------------------------------------------------------------------+ | Keep-alive commands (NOOP) prevent timeout | | Client can query status (STAT command) | +------------------------------------------------------------------+
4. SESSION TERMINATION +------------------------------------------------------------------+ | Client sends QUIT command | | Server responds with 221 (Service closing control) | | Control connection closes | +------------------------------------------------------------------+
FTP Commands (Session Layer):+------------------------------------------------------------------+| Command | Description | Example ||-----------|--------------------------------|---------------------|| USER | Specify username | USER john || PASS | Specify password | PASS secret123 || PASV | Enter passive mode | PASV || PORT | Specify data port | PORT 192,168,1,100|| RETR | Retrieve file | RETR file.txt || STOR | Store file | STOR upload.txt || QUIT | Logout and close | QUIT |+------------------------------------------------------------------+
+------------------------------------------------------------------+Layer 4: Transport Layer
Section titled “Layer 4: Transport Layer”The Transport Layer is responsible for end-to-end communication and data flow control. This is where TCP and UDP operate.
Deep Dive into TCP
Section titled “Deep Dive into TCP”TCP (Transmission Control Protocol) is the most widely used Transport Layer protocol, providing reliable, ordered, error-checked delivery.
+------------------------------------------------------------------+| TCP Header Structure |+------------------------------------------------------------------+
+------------------------------------------------------------------+| Bit 0 Bit 31 || Source Port (16) Destination Port (16) |+------------------------------------------------------------------+| Sequence Number (32) |+------------------------------------------------------------------+| Acknowledgment Number (32) |+------------------------------------------------------------------+| Data Offset | Reserved | Flags | Window Size (16) |+------------------------------------------------------------------+| Checksum (16) Urgent Pointer (16) |+------------------------------------------------------------------+| Options (if Data Offset > 5) |+------------------------------------------------------------------+| Data |+------------------------------------------------------------------+
Field Descriptions:+------------------------------------------------------------------+| Field | Size | Description ||--------------------|-------|--------------------------------------|| Source Port | 16-bit| Sender's port (0-65535) || Destination Port | 16-bit| Receiver's port (0-65535) || Sequence Number | 32-bit| Byte position in data stream || Acknowledgment | 32-bit| Next expected byte || Data Offset | 4-bit | Header length (5-15 32-bit words) || Flags | 6-bit | Control flags (URG,ACK,PSH,RST, || | | SYN, FIN) || Window Size | 16-bit| Receiver's buffer capacity || Checksum | 16-bit| Error detection || Urgent Pointer | 16-bit| Points to urgent data || Options | Variable| Optional features (MSS, SACK, || | | timestamps, etc.) |+------------------------------------------------------------------+
+------------------------------------------------------------------+TCP Flags in Detail
Section titled “TCP Flags in Detail”+------------------------------------------------------------------+| TCP Flags |+------------------------------------------------------------------+
Flag | Bit | Name | Purpose |------|-----|---------------|--------------------------------------|URG | 20 | Urgent | Indicates urgent data present |ACK | 21 | Acknowledgment| Acknowledges received data |PSH | 22 | Push | Send data immediately, don't buffer |RST | 23 | Reset | Abort connection |SYN | 24 | Synchronize | Initiate connection |FIN | 25 | Finish | Graceful connection close |
Common Flag Combinations:+------------------------------------------------------------------+
1. SYN - Connection Establishment +------------------------------------------------------------------+ | Client -> Server: SYN, Seq=100 | | Server -> Client: SYN, ACK, Seq=200, Ack=101 | | Client -> Server: ACK, Seq=101, Ack=201 | +------------------------------------------------------------------+
2. PSH+ACK - Data Transfer +------------------------------------------------------------------+ | Client -> Server: PSH, ACK, Seq=100, Ack=200, Data | | Server -> Client: ACK, Seq=200, Ack=150 | +------------------------------------------------------------------+
3. FIN - Graceful Close +------------------------------------------------------------------+ | Client -> Server: FIN, ACK, Seq=100, Ack=200 | | Server -> Client: ACK, Seq=200, Ack=101 | | Server -> Client: FIN, ACK, Seq=200, Ack=101 | | Client -> Server: ACK, Seq=101, Ack=201 | +------------------------------------------------------------------+
4. RST - Abrupt Reset +------------------------------------------------------------------+ | Client -> Server: RST, Seq=100 | | Connection immediately terminated | +------------------------------------------------------------------+
+------------------------------------------------------------------+TCP Connection States
Section titled “TCP Connection States”+------------------------------------------------------------------+| TCP Connection State Machine |+------------------------------------------------------------------+
Server Side:+------------------------------------------------------------------+| State | Description ||-----------------|------------------------------------------------|| LISTEN | Waiting for connection request || SYN-SENT | Sent connection request, waiting ack || SYN-RECEIVED | Received and sent acknowledgment || ESTABLISHED | Connection open, data transfer possible || FIN-WAIT-1 | Sent close request, waiting ack || FIN-WAIT-2 | Acknowledged, waiting for FIN || CLOSE-WAIT | Received close request, waiting to close || LAST-ACK | Waiting for final acknowledgment || CLOSING | Sent and received close simultaneously || TIME-WAIT | Wait 2MSL after closing || CLOSED | Connection fully closed |+------------------------------------------------------------------+
State Transitions:+------------------------------------------------------------------+
CLOSED -> LISTEN: Server starts listeningLISTEN -> SYN-RECEIVED: Receive SYNSYN-RECEIVED -> ESTABLISHED: Complete handshakeESTABLISHED -> FIN-WAIT-1: Initiate closeFIN-WAIT-1 -> FIN-WAIT-2: Receive ACKFIN-WAIT-2 -> TIME-WAIT: Receive FINTIME-WAIT -> CLOSED: Wait 2MSL (2 minutes typically)ESTABLISHED -> CLOSE-WAIT: Receive FIN from clientCLOSE-WAIT -> LAST-ACK: Send FINLAST-ACK -> CLOSED: Receive final ACK
2MSL (Maximum Segment Lifetime):+------------------------------------------------------------------+| - Prevents delayed segments from being delivered to new || connection on same port || - Typically 2 minutes (can be configured) || - Linux: /proc/sys/net/ipv4/tcp_fin_timeout |+------------------------------------------------------------------+
+------------------------------------------------------------------+TCP vs UDP Comparison
Section titled “TCP vs UDP Comparison”+------------------------------------------------------------------+| TCP vs UDP - Complete Comparison |+------------------------------------------------------------------+
| Feature | TCP | UDP ||-----------------|----------------------|----------------------|| Connection | Connection-oriented | Connectionless || Reliability | Reliable | Unreliable || Ordering | Ordered | No ordering || Flow Control | Yes (sliding window) | No || Congestion | Yes | No || Speed | Slower | Faster || Header Size | 20-60 bytes | 8 bytes || State | Stateful | Stateless || Use Cases | HTTP, SSH, Email, | DNS, VoIP, Gaming, || | File Transfer, | Video Streaming, || | Database | DHCP |+-----------------+----------------------+---------------------+
When to Use TCP:+------------------------------------------------------------------+| - Data integrity is critical || - Order must be preserved || - Large amounts of data || - Applications that can tolerate latency || Examples: HTTP/HTTPS, FTP, SSH, SMTP, POP3, IMAP, MySQL, || PostgreSQL, MongoDB |+------------------------------------------------------------------+
When to Use UDP:+------------------------------------------------------------------+| - Speed is more important than reliability || - Real-time applications || - Small, frequent messages || - Broadcasting/multicasting || Examples: DNS, VoIP, video streaming, online gaming, DHCP, || SNMP, NTP, TFTP |+------------------------------------------------------------------+
UDP Header:+------------------------------------------------------------------+
+------------------------------------------------------------------+| Source Port (16) | Destination Port (16) |+------------------------------------------------------------------+| Length (16) | Checksum (16) |+------------------------------------------------------------------+| Data |+------------------------------------------------------------------+
UDP is simple - just source port, destination port, length,checksum, and data. No sequencing, no acknowledgments.
+------------------------------------------------------------------+Layer 3: Network Layer
Section titled “Layer 3: Network Layer”The Network Layer handles logical addressing and routing - determining the best path for data to travel from source to destination.
IP Addressing Deep Dive
Section titled “IP Addressing Deep Dive”+------------------------------------------------------------------+| IPv4 Header Structure |+------------------------------------------------------------------+
+------------------------------------------------------------------+| Version | IHL | DSCP | ECN | Total Length |+------------------------------------------------------------------+| Identification | Flags | Fragment Offset |+------------------------------------------------------------------+| Time to Live | Protocol | Header Checksum |+------------------------------------------------------------------+| Source IP Address |+------------------------------------------------------------------+| Destination IP Address |+------------------------------------------------------------------+| Options (if IHL > 5) |+------------------------------------------------------------------+
Field Details:+------------------------------------------------------------------+| Field | Bits | Description ||----------------|------|------------------------------------------|| Version | 4 | IP version (4 for IPv4) || IHL | 4 | Internet Header Length (in 32-bit || | | words, typically 5) || DSCP | 6 | Differentiated Services Code Point || ECN | 2 | Explicit Congestion Notification || Total Length | 16 | Total packet size in bytes || Identification | 16 | Unique ID for fragmentation || Flags | 3 | Fragmentation control (Reserved, || | | Don't Fragment, More Fragments) || Fragment Offset| 13 | Position of fragment in original || | | datagram || TTL | 8 | Hop count (decremented by each router)|| Protocol | 8 | Upper layer protocol (6=TCP, 17=UDP) || Header Checksum| 16 | Error detection for header || Source IP | 32 | Sender's IP address || Destination IP| 32 | Receiver's IP address |+------------------------------------------------------------------+
+------------------------------------------------------------------+IPv4 Address Classes (Historical Context)
Section titled “IPv4 Address Classes (Historical Context)”+------------------------------------------------------------------+| IPv4 Address Classes (Legacy Classification) |+------------------------------------------------------------------+
Class | First Octet | Network Bits | Host Bits | Networks | Hosts |------|-------------|-------------|-----------|---------|----------|A | 1-126 | 8 | 24 | 126 | 16,777,22|B | 128-191 | 16 | 16 | 16,382 | 65,534 |C | 192-223 | 24 | 8 | 2,097,1 | 254 |D | 224-239 | - | - | - | Multicast|E | 240-255 | - | - | - | Reserved |
Special Addresses:+------------------------------------------------------------------+| Address Range | Purpose ||---------------------------|-------------------------------------|| 0.0.0.0/8 | This network (RFC 1122) || 10.0.0.0/8 | Private (RFC 1918) || 127.0.0.0/8 | Loopback (localhost) || 169.254.0.0/16 | Link-local (APIPA) || 172.16.0.0/12 | Private (RFC 1918) || 192.0.0.0/24 | IETF Protocol (RFC 5737) || 192.0.2.0/24 | TEST-NET-1 (RFC 5737) || 192.168.0.0/16 | Private (RFC 1918) || 198.51.100.0/24 | TEST-NET-2 (RFC 5737) || 203.0.113.0/24 | TEST-NET-3 (RFC 5737) || 255.255.255.255/32 | Limited broadcast |
Private Address Ranges (RFC 1918):+------------------------------------------------------------------+| Range | CIDR | Usable Hosts ||--------------------|----------------|--------------------------|| 10.0.0.0 - 10.255.| 10.0.0.0/8 | 16,777,214 (minus 2) || 172.16.0.0 - 172. | 172.16.0.0/12 | 1,048,574 (minus 2) || 192.168.0.0 - 192.| 192.168.0.0/16 | 65,534 (minus 2) |
+------------------------------------------------------------------+Routing Concepts
Section titled “Routing Concepts”+------------------------------------------------------------------+| Routing Table Deep Dive |+------------------------------------------------------------------+
Linux Routing Table Example:+------------------------------------------------------------------+| $ ip route show || || default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.100 || 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.|| 10.0.0.0/8 via 192.168.1.2 dev eth0 || 172.16.0.0/12 via 192.168.1.3 dev eth0 |+------------------------------------------------------------------+
Route Table Fields:+------------------------------------------------------------------+| Field | Description ||--------------------|---------------------------------------------|| destination | Target network or host || via | Next hop router address || dev | Outgoing network interface || scope | Route scope (global, link, host) || proto | How route was learned (static, dhcp, etc.)|| src | Source address to use for this route || metric | Route cost (lower = preferred) |+------------------------------------------------------------------+
Route Lookup Process:+------------------------------------------------------------------+
1. Extract destination IP from packet2. Compare against each route (longest prefix match)3. Select most specific matching route4. Forward packet to next hop or deliver locally
Example: Packet to 10.1.5.100+------------------------------------------------------------------+| Route Entry | Match Bits | Action ||------------------------|------------|---------------------------|| 0.0.0.0/0 (default) | 0 bits | Lowest priority || 10.0.0.0/8 | 8 bits | Medium priority || 10.1.0.0/16 | 16 bits | Higher priority || 10.1.5.0/24 | 24 bits | HIGHEST (selected!) || 10.1.5.100/32 | 32 bits | Host route (if exists) |+------------------------------------------------------------------+
Routing Decision Process:+------------------------------------------------------------------+
Packet Arrives | v +------------------------+ | Is Dest in Local Subnet?| +------------------------+ | Yes / \ No / \ v v +---------+ +------------------------+ |ARP for | | Check Route Table | |Target | +------------------------+ +---------+ | v +------------------------+ | Route Found? | +------------------------+ | \ Yes / \ No / \ v v +---------+ +------------------------+ |Forward | | Check Default Route | |to Local | +------------------------+ |or Drop | | Yes/ \No / \ v v +---------+ +--------+ |Forward | |Drop | |via GW | |Packet | +---------+ +--------+
+------------------------------------------------------------------+Layer 2: Data Link Layer
Section titled “Layer 2: Data Link Layer”The Data Link Layer provides node-to-node data transfer, handling physical addressing and error detection.
+------------------------------------------------------------------+| Ethernet Frame Structure |+------------------------------------------------------------------+
IEEE 802.3 Ethernet Frame:+------------------------------------------------------------------+| Preamble | SFD | Dest MAC | Src MAC | Type/ | Data | FCS || (7 bytes)|(1B) | (6 bytes)|(6 bytes)|Length |(46-1500B)|(4 bytes)|+------------------------------------------------------------------+
| <------------------------ 64-1518 bytes ----------------------> |
Field Details:+------------------------------------------------------------------+| Field | Size | Description ||--------------|---------|----------------------------------------|| Preamble | 7 bytes | Synchronization pattern (10101010) || SFD | 1 byte | Start Frame Delimiter (10101011) || Destination | 6 bytes | MAC address of receiver || Source | 6 bytes | MAC address of sender || Type/Length | 2 bytes | EtherType (>1500) or length (<=1500) || Data | 46-1500B| Upper layer data (padding if needed) || FCS | 4 bytes | Frame Check Sequence (CRC-32) |
Common EtherType Values:+------------------------------------------------------------------+| Value | Protocol | Description ||--------|----------------------|--------------------------------|| 0x0800 | IPv4 | Internet Protocol version 4 || 0x0806 | ARP | Address Resolution Protocol || 0x86DD | IPv6 | Internet Protocol version 6 || 0x8100 | VLAN Tag | IEEE 802.1Q VLAN tagging || 0x8847 | MPLS (label stack) | Multiprotocol Label Switching || 0x8848 | MPLS (reserved) | MPLS |
+------------------------------------------------------------------+MAC Address Deep Dive
Section titled “MAC Address Deep Dive”+------------------------------------------------------------------+| MAC Address Deep Dive |+------------------------------------------------------------------+
MAC Address Format:+------------------------------------------------------------------+| XX:XX:XX:XX:XX:XX (48 bits, 6 bytes) || |---- OUI ----| |--- NIC ---| || 24 bits 24 bits |+------------------------------------------------------------------+
First 24 Bits (OUI - Organizationally Unique Identifier):+------------------------------------------------------------------+| Assigned by IEEE to manufacturers || Examples: || 00:00:0C - Cisco Systems || 00:1A:2B - Some Dell devices || B8:27:EB - Raspberry Pi Foundation || F0:18:98 - Apple || 3C:22:0B - HP |+------------------------------------------------------------------+
Special MAC Addresses:+------------------------------------------------------------------+| Address | Purpose ||-------------------|---------------------------------------------|| 00:00:00:00:00:00| Unknown/unspecified (also written as ::/0) || FF:FF:FF:FF:FF:FF| Broadcast address || 01:00:5E:xx:xx:xx| IPv4 multicast || 33:33:xx:xx:xx:xx| IPv6 multicast || 00:00:5E:00:00:00| VRRP (Virtual Router Redundancy Protocol) |
Address Types:+------------------------------------------------------------------+| Type | Description ||-------------|----------------------------------------------------|| Unicast | Single network interface || Multicast | Group of interfaces (first byte LSB = 1) || Broadcast | All interfaces on segment (FF:FF:FF:FF:FF:FF) |
+------------------------------------------------------------------+Switch Operations
Section titled “Switch Operations”+------------------------------------------------------------------+| Switch Operations Deep Dive |+------------------------------------------------------------------+
MAC Address Table (CAM Table):+------------------------------------------------------------------+| VLAN | MAC Address | Port | Type | Age ||------|-------------------|-------|----------|--------|| 1 | 00:11:22:33:44:55| Gi0/1 | Dynamic | 20 sec || 1 | aa:bb:cc:dd:ee:ff| Gi0/2 | Dynamic | 45 sec || 1 | 11:22:33:44:55:66| Gi0/3 | Static | - |+------------------------------------------------------------------+
Switch Learning Process:+------------------------------------------------------------------+
1. SWITCH RECEIVES FRAME +------------------------------------------------------------------+ | Frame arrives on port Gi0/1 | | Source MAC: 00:11:22:33:44:55 | +------------------------------------------------------------------+
2. LEARN SOURCE MAC +------------------------------------------------------------------+ | Add/update MAC address table: | | MAC 00:11:22:33:44:55 -> Port Gi0/1 | | Start aging timer | +------------------------------------------------------------------+
3. LOOKUP DESTINATION MAC +------------------------------------------------------------------+ | Check if destination MAC is in table: | | - Known? Forward to specific port | | - Unknown? Flood to all ports except source | | - Broadcast? Flood to all ports | +------------------------------------------------------------------+
Switching Methods:+------------------------------------------------------------------+
1. STORE-AND-FORWARD +------------------------------------------------------------------+ | - Receives entire frame | | - Checks CRC (FCS) | | - Forwards if valid | | - Adds latency (good error detection) | | - Standard for most modern switches | +------------------------------------------------------------------+
2. CUT-THROUGH +------------------------------------------------------------------+ | - Starts forwarding after reading destination MAC | | - Faster but forwards corrupted frames | | - Used when error rate is low | +------------------------------------------------------------------+
3. FRAGMENT-FREE +------------------------------------------------------------------+ | - Forwards after first 64 bytes | | - Avoids collision fragments (which are < 64 bytes) | | - Balance between speed and reliability | +------------------------------------------------------------------+
VLAN Tagging (802.1Q):+------------------------------------------------------------------+
Original Frame: [Dest][Src][Type][Data][FCS]
Tagged Frame: [Dest][Src][TPID=0x8100][TCI][Type][Data][FCS] |------- VLAN Tag -------|
TCI (Tag Control Information):+------------------------------------------------------------------+| Bits | Field | Description ||------|----------------|----------------------------------------|| 3 | Priority Code | 802.1p QoS priority (0-7) || 1 | DEI/CFI | Drop Eligibility Indicator || 12 | VLAN ID | VLAN identifier (1-4094) |
Native VLAN:+------------------------------------------------------------------+| - Untagged traffic on trunk port || - Default: VLAN 1 || - Should be changed for security |
+------------------------------------------------------------------+Layer 1: Physical Layer
Section titled “Layer 1: Physical Layer”The Physical Layer deals with the actual physical transmission of data as bits over various media.
+------------------------------------------------------------------+| Physical Layer - Media Types |+------------------------------------------------------------------+
COPPER CABLES:+------------------------------------------------------------------+
Twisted Pair Cable Categories:+------------------------------------------------------------------+| Category | Max Speed | Max Distance | Use Case ||----------|-----------|--------------|----------------------------|| Cat3 | 10 Mbps | 100m | Voice (legacy) || Cat5 | 100 Mbps | 100m | 10/100 Ethernet || Cat5e | 1 Gbps | 100m | 1 Gbps Ethernet || Cat6 | 10 Gbps | 55m (100m@1G)| 10G Ethernet || Cat6a | 10 Gbps | 100m | 10G Ethernet (enhanced) || Cat7 | 10 Gbps | 100m | 10G (shielded) || Cat8 | 25-40Gbps| 30m | 25/40G Ethernet |
UTP vs STP:+------------------------------------------------------------------+| UTP (Unshielded Twisted Pair): || - No shielding || - Susceptible to EMI || - Less expensive || - Common for home/small business |+------------------------------------------------------------------+| STP (Shielded Twisted Pair): || - Individual pairs shielded || - Better EMI resistance || - More expensive || - Industrial environments |+------------------------------------------------------------------+
FIBER OPTIC CABLES:+------------------------------------------------------------------+
Multimode Fiber (MMF):+------------------------------------------------------------------+| Core Diameter: 50 or 62.5 microns || Light Source: LED or VCSEL || Distance: Up to 2km (depending on grade) || Bandwidth: Up to 4000 MHz·km || Color Code: Orange (OM1/OM2), Aqua (OM3/OM4/OM5) |
Single-Mode Fiber (SMF):+------------------------------------------------------------------+| Core Diameter: 8-10 microns || Light Source: Laser || Distance: Up to 100km+ (without repeaters) || Bandwidth: Unlimited (laser) || Color Code: Yellow |
OM/OS Standards:+------------------------------------------------------------------+| Type | Core(μm) | Bandwidth | Distance @10G | Distance @40G ||-------|----------|-------------|---------------|---------------|| OM1 | 62.5 | 200 MHz·km | 33m | - || OM2 | 50 | 500 MHz·km | 82m | - || OM3 | 50 (LOF) | 2000 MHz·km | 300m | 100m || OM4 | 50 (LOF) | 4700 MHz·km | 400m | 150m || OM5 | 50 (LOF) | 2800 MHz·km | - | 400m || OS1 | 9 | - | 10km | 10km || OS2 | 9 | - | 40km | 40km |
+------------------------------------------------------------------+1.4 Data Encapsulation and De-encapsulation
Section titled “1.4 Data Encapsulation and De-encapsulation”This is a critical concept that ties all layers together.
+------------------------------------------------------------------+| DATA ENCAPSULATION PROCESS |+------------------------------------------------------------------+
SENDER (Application to Physical):+------------------------------------------------------------------+
Layer 7 (Application):+------------------------------------------------------------------+| Data Generated by Application || Example: HTTP GET request for webpage || PDU: DATA (or message) |+------------------------------------------------------------------+
Layer 6 (Presentation):+------------------------------------------------------------------+| Data may be encrypted or compressed || PDU: DATA (no change in format, just transformed) |+------------------------------------------------------------------+
Layer 5 (Session):+------------------------------------------------------------------+| Session ID added (if needed) || PDU: DATA (with session info) |+------------------------------------------------------------------+
Layer 4 (Transport):+------------------------------------------------------------------+| Adds Source and Destination Ports || May segment large data into smaller chunks || PDU: SEGMENT (TCP) or DATAGRAM (UDP) || || Example: || Original: [Data] || With header: [SrcPort:80|DstPort:54321|Data] |+------------------------------------------------------------------+
Layer 3 (Network):+------------------------------------------------------------------+| Adds Source and Destination IP Addresses || PDU: PACKET (or datagram) || || Example: || Incoming: [TCP Header|Data] || With IP: [SrcIP:192.168.1.10|DstIP:8.8.8.8|TCP Header|Data] |+------------------------------------------------------------------+
Layer 2 (Data Link):+------------------------------------------------------------------+| Adds Source and Destination MAC Addresses || Adds Frame Check Sequence (CRC) for error detection || PDU: FRAME || || Example: || Incoming: [IP Header|TCP Header|Data] || With Ethernet: [DstMac|SrcMac|Type|IP|TCP|Data|FCS] |+------------------------------------------------------------------+
Layer 1 (Physical):+------------------------------------------------------------------+| Converts frame to electrical/optical/radio signals || PDU: BITS || || Example: || Binary: 101101001110... || Signal: Light pulses / Electrical voltage / Radio waves |+------------------------------------------------------------------+
RECEIVER (Physical to Application):+------------------------------------------------------------------+
1. Physical Layer: +------------------------------------------------------------------+ | Receives signals, converts to bits | | Passes bits to Data Link Layer | +------------------------------------------------------------------+
2. Data Link Layer: +------------------------------------------------------------------+ | Validates Frame Check Sequence (FCS) | | Checks if destination MAC matches own MAC | | Strips MAC addresses and passes to Network Layer | +------------------------------------------------------------------+
3. Network Layer: +------------------------------------------------------------------+ | Validates destination IP | | Strips IP header and passes to Transport Layer | +------------------------------------------------------------------+
4. Transport Layer: +------------------------------------------------------------------+ | Reassembles segments in correct order (TCP) | | Validates checksum | | Passes data to Session Layer | +------------------------------------------------------------------+
5. Session Layer: +------------------------------------------------------------------+ | Manages session state | | May add checkpoint markers for large transfers | +------------------------------------------------------------------+
6. Presentation Layer: +------------------------------------------------------------------+ | Decrypts data (if encrypted) | | Decompresses data (if compressed) | +------------------------------------------------------------------+
7. Application Layer: +------------------------------------------------------------------+ | Presents data to application | | Example: HTTP response displayed in browser | +------------------------------------------------------------------+
+------------------------------------------------------------------+1.5 Protocol Data Units Summary
Section titled “1.5 Protocol Data Units Summary”+------------------------------------------------------------------+| PDU Summary Table |+------------------------------------------------------------------+
Layer | Name | PDU Name | Address Used |------|---------------|--------------|---------------------------|7 | Application | Data | Hostname, URL |6 | Presentation | Data | - |5 | Session | Data | Session ID |4 | Transport | Segment | Port numbers | | | Datagram | (0-65535) |3 | Network | Packet | IP addresses | | | | (32-bit IPv4, 128-bit | | | | IPv6) |2 | Data Link | Frame | MAC addresses | | | | (48-bit) |1 | Physical | Bits | - |
Encapsulation Summary:+------------------------------------------------------------------+
Application Data -> [Transport Header] -> [Network Header] ->[Data Link Header] -> [Data Link Trailer] -> Bits
Each layer adds its own header (and sometimes trailer)The final result is transmitted as bits
+------------------------------------------------------------------+1.6 OSI vs TCP/IP Comparison
Section titled “1.6 OSI vs TCP/IP Comparison”+------------------------------------------------------------------+| OSI 7-Layer vs TCP/IP 4-Layer |+------------------------------------------------------------------+
OSI Model TCP/IP Model +-----------------+ +-----------------+ | 7. Application | | | | 6. Presentation| ----> | Application | | 5. Session | | | +-----------------+ +-----------------+ | 4. Transport | ----> | Transport | +-----------------+ +-----------------+ | 3. Network | ----> | Internet | +-----------------+ +-----------------+ | 2. Data Link | | | | 1. Physical | ----> | Link | +-----------------+ +-----------------+
Key Differences:+------------------------------------------------------------------+
| Aspect | OSI Model | TCP/IP Model ||------------------|--------------------|------------------------|| Layers | 7 | 4 || Design | Theoretical | Practical/implementatio|| Development | ISO (1984) | IETF (1970s-90s) || Flexibility | Very flexible | Less flexible || Vendor Support | Conceptual only | Actual implementation || Network Layer | Connectionless | Both connectionless || | and connection | and connection-oriented|| | oriented | || Session Layer | Full specification | Not separately defined|
Why TCP/IP Won:+------------------------------------------------------------------+| 1. First to market - actual implementation came first || 2. Simpler - fewer layers || 3. Built on UNIX - integral to early internet || 4. Open standard - not controlled by single vendor || 5. OSI came later when TCP/IP was already established |
When to Use Each:+------------------------------------------------------------------+| OSI Model: || - Conceptual discussions || | Learning/teaching networking || - Troubleshooting (which layer is problem?) || - Designing network architecture |+------------------------------------------------------------------+| TCP/IP Model: || - Actual implementation || - Configuration and troubleshooting || - Working with real networks |+------------------------------------------------------------------+
+------------------------------------------------------------------+1.7 Network Devices by Layer
Section titled “1.7 Network Devices by Layer”+------------------------------------------------------------------+| Network Devices by OSI Layer |+------------------------------------------------------------------+
Layer 1 (Physical) Devices:+------------------------------------------------------------------+| Device | Function | Notes ||-------------|--------------------------------|-------------------|| Hub | Amplify and broadcast signals | No addressing || Repeater | Regenerate signal | Extends distance || Media Conv | Convert between media types | Copper to fiber || NIC | Network Interface Card | Works at L1/L2 |+------------------------------------------------------------------+
Layer 2 (Data Link) Devices:+------------------------------------------------------------------+| Device | Function | Notes ||-------------|--------------------------------|-------------------|| Switch | Forward based on MAC addr | Learns addresses || Bridge | Connect two collision domains | Legacy device || WAP | Wireless Access Point | Bridges WiFi/Eth || NIC | Network Interface Card | Has MAC address |+------------------------------------------------------------------+
Layer 3 (Network) Devices:+------------------------------------------------------------------+| Device | Function | Notes ||-------------|--------------------------------|-------------------|| Router | Forward based on IP addr | Makes routing || Layer 3 Sw | Switch with routing capability| VLAN routing || Firewall | Filter based on rules | Can work at L2-L7|| Multilayer | Combines L2, L3, L4 functions | Modern switches |+------------------------------------------------------------------+
Devices Operating at Multiple Layers:+------------------------------------------------------------------+| Device | Primary | Also Works At ||-------------|---------|----------------------------------------|| Firewall | L3 | L4, L7 (Next-Gen) || Load Balancer| L4 | L7 (Application) || IDS/IPS | L2-L7 | Deep Packet Inspection || Proxy | L7 | Application layer gateway |
+------------------------------------------------------------------+1.8 Interview Questions and Answers
Section titled “1.8 Interview Questions and Answers”Q1: What is the difference between TCP and UDP?
Section titled “Q1: What is the difference between TCP and UDP?”Answer:
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are both Transport Layer protocols, but they have fundamentally different characteristics:
TCP - Connection-Oriented:
- Establishes connection via three-way handshake before data transfer
- Guarantees delivery through acknowledgments and retransmissions
- Maintains packet order
- Implements flow control using sliding window
- Implements congestion control algorithms
- Higher overhead (20-60 byte header)
- Slower but reliable
UDP - Connectionless:
- No connection establishment needed
- No delivery guarantee - no acknowledgments
- No packet ordering
- No flow control
- No congestion control
- Minimal header (8 bytes)
- Faster but unreliable
Use Cases:
- TCP: HTTP, HTTPS, FTP, SSH, Email (SMTP, POP3, IMAP), Database connections
- UDP: DNS queries, VoIP, video streaming, online gaming, DHCP, SNMP
Q2: What happens when you type “google.com” in a browser?
Section titled “Q2: What happens when you type “google.com” in a browser?”Answer:
This is a classic interview question that tests understanding of the entire networking stack:
-
DNS Resolution (Layer 7):
- Browser checks local DNS cache
- If not found, queries configured DNS server
- DNS returns IP: 142.250.190.46 (example)
-
TCP Connection (Layer 4):
- Browser initiates TCP three-way handshake
- SYN → SYN-ACK → ACK (if HTTPS, TLS handshake happens here)
-
HTTP Request (Layer 7):
- Browser sends HTTP GET request:
GET / HTTP/1.1Host: www.google.comAccept: text/htmlUser-Agent: Mozilla/5.0...
- Browser sends HTTP GET request:
-
HTTP Response (Layer 7):
- Server responds with HTTP 200 OK
- Sends HTML content, CSS, JavaScript references
-
Rendering (Layer 7+):
- Browser parses HTML
- Makes additional requests for resources
- Renders webpage
Q3: What is the difference between a hub, switch, and router?
Section titled “Q3: What is the difference between a hub, switch, and router?”Answer:
| Device | Layer | Function | Collision Domain | MAC Learning |
|---|---|---|---|---|
| Hub | Physical | Broadcasts to all ports | Single (all ports) | No |
| Switch | Data Link | Forwards to specific port | Per port | Yes |
| Router | Network | Routes between networks | Each interface | No (uses IP) |
Hub:
- Operates at Physical Layer
- Repeats signal to ALL ports
- Creates single collision domain
- No MAC address table
- Security risk - anyone can see all traffic
- Half-duplex only
Switch:
- Operates at Data Link Layer
- Learns MAC addresses
- Creates forwarding table (CAM table)
- Each port is separate collision domain
- Full-duplex support
Router:
- Operates at Network Layer
- Makes routing decisions based on IP addresses
- Routes between different networks
- Creates broadcast domains per interface
- Uses routing table
Q4: Explain the three-way handshake in TCP
Section titled “Q4: Explain the three-way handshake in TCP”Answer:
The three-way handshake establishes a reliable TCP connection:
-
SYN (Client → Server):
- Client sends SYN with Sequence Number (x)
- Client enters SYN_SENT state
- Example: “I want to establish connection, I’ll start at sequence 100”
-
SYN-ACK (Server → Client):
- Server acknowledges with ACK (x+1)
- Server sends own SYN with Sequence Number (y)
- Server enters SYN_RECEIVED state
- Example: “Acknowledged. I’m starting at sequence 200. Ready?”
-
ACK (Client → Server):
- Client acknowledges with ACK (y+1)
- Both enter ESTABLISHED state
- Data transfer can begin
- Example: “Acknowledged. Let’s transfer data.”
This ensures both parties are ready and have agreed on initial sequence numbers, preventing stale connections from interfering.
Q5: What is the difference between TCP and UDP ports?
Section titled “Q5: What is the difference between TCP and UDP ports?”Answer:
Ports allow multiple applications on the same device to use network services simultaneously:
- Port Numbers: 16-bit (0-65535)
- Well-Known Ports (0-1023): System ports (HTTP=80, SSH=22, DNS=53)
- Registered Ports (1024-49151): User applications (MySQL=3306, PostgreSQL=5432)
- Dynamic/Private Ports (49152-65535): Ephemeral ports for client connections
TCP and UDP both use the same port space - you can have TCP/80 and UDP/80 simultaneously as separate services.
Example:
- Server runs HTTP on TCP port 80 and DNS on UDP port 53
- Client connects to server’s port 80 using a random ephemeral port (e.g., 49152)
Q6: How does a switch learn MAC addresses?
Section titled “Q6: How does a switch learn MAC addresses?”Answer:
The switch learns MAC addresses dynamically through the following process:
-
Frame Arrival:
- Frame arrives on a port (e.g., Port 1)
- Contains Source MAC address (e.g., AA:BB:CC:DD:EE:FF)
-
Learn:
- Switch adds to MAC address table:
MAC: AA:BB:CC:DD:EE:FF → Port 1
- Starts aging timer
- Switch adds to MAC address table:
-
Forward:
- Looks up Destination MAC in table
- If known: forwards to that port only
- If unknown: floods to all except source port
- If broadcast (FF:FF:FF:FF:FF:FF): floods to all except source
-
Aging:
- If MAC not seen for period (default 300 seconds on Cisco), entry is removed
This process ensures the switch builds and maintains an accurate forwarding table.
1.9 Chapter Summary
Section titled “1.9 Chapter Summary”In this comprehensive chapter, you learned:
- ✅ Why the OSI model exists - standardization, modularity, interoperability
- ✅ All 7 layers in detail - from Physical to Application
- ✅ Protocols at each layer - HTTP, TLS, TCP, IP, Ethernet, and more
- ✅ Data encapsulation - how data is wrapped at each layer
- ✅ PDUs - Data, Segment/Packet, Frame, Bits
- ✅ Network devices by layer - Hubs, Switches, Routers
- ✅ TCP vs UDP - reliability vs speed trade-offs
- ✅ Common interview questions - with detailed answers
This foundational knowledge is essential for understanding how networks operate and for troubleshooting network issues.
Next Chapter
Section titled “Next Chapter”Chapter 2: TCP/IP Model & Protocols
Last Updated: February 2026