
Session Layer in OSI model

Prerequisite : OSI Layer

Introduction : The Session Layer is the 5th layer in the Open System Interconnection (OSI) model. This layer allows users on different machines to establish active communication sessions between them. It is responsible for establishing, maintaining, synchronizing and terminating sessions between end-user applications. In the Session Layer, streams of data are received and marked with synchronization points so that they can be resynchronized properly; this keeps the ends of messages from being cut off prematurely and avoids further data loss. This layer basically establishes a connection between the session entities. This layer handles and manipulates data which it receives from the Session Layer as well as from the Presentation Layer.

Working of Session Layer : The Session Layer, the 5th layer in the OSI model, uses the services provided by the transport layer and enables applications to establish, maintain and synchronize sessions. To establish a session connection, several steps must be followed.

First, the session address is mapped to the transport address. Second, the required transport quality of service (QoS) parameters are selected. Next, the session parameters are negotiated between the two sides. Then a limited amount of transparent user data is transmitted. Finally, the data transfer phase is monitored properly. The ability to send larger amounts of file data is extremely important and necessary.

Functions of Session Layer : The session layer, being the fifth layer in the OSI model, performs several important functions which are needed for establishing as well as maintaining a safe and secure connection.

Following are some of the functions which are performed by Session Layer –

  • Session Layer works as a dialog controller through which it allows systems to communicate in either half-duplex mode or full duplex mode of communication.
  • This layer is also responsible for token management, through which it prevents two users from simultaneously accessing or attempting the same critical operation.
  • This layer allows synchronization by adding checkpoints, which are considered synchronization points, to the streams of data.
  • This layer is also responsible for session checkpointing and recovery.
  • This layer basically provides a mechanism of opening, closing and managing a session between the end-user application processes.
  • The services offered by Session Layer are generally implemented in application environments using remote procedure calls (RPCs).
  • The Session Layer is also responsible for synchronizing information from different sources.
  • This layer also controls single or multiple connections for each end-user application and directly communicates with both the Presentation and Transport layers.
  • Session Layer creates procedures for checkpointing followed by adjournment, restart and termination.
  • Session Layer uses checkpoints so that a communication session can be resumed from the particular checkpoint at which the communication failure occurred.
  • The session Layer is responsible for fetching or receiving data information from its previous layer (transport layer) and further sends data to the layer after it (presentation layer).

Session Layer Protocols : The Session Layer uses some protocols which are required for safe, secure and accurate communication between two end-user applications. Following are some of the protocols provided or used by the Session Layer –

  • AppleTalk Data Stream Protocol (ADSP): ADSP is a protocol developed by Apple Inc. that includes a number of features allowing local area networks to be connected with no prior setup. This protocol was released in 1985. This protocol rigorously followed the OSI model of protocol layering. ADSP itself has two protocols named: AppleTalk Address Resolution Protocol (AARP) and Name Binding Protocol (NBP), both aimed at making the system self-configuring.
  • Real-time Transport Control Protocol (RTCP): RTCP is a protocol which provides out-of-band statistics and control information for an RTP (Real-time Transport Protocol) session. RTCP’s primary function is to provide feedback on the quality of service (QoS) in media distribution by periodically sending statistical information such as transmitted octet and packet counts or packet loss to the participants in the streaming multimedia session.
  • Point-to-Point Tunneling Protocol (PPTP): PPTP is a protocol which provides a method for implementing virtual private networks. PPTP uses a TCP control channel and a Generic Routing Encapsulation tunnel to encapsulate PPP (Point-to-Point Protocol) packets. This protocol provides security levels and remote access levels comparable with typical VPN (Virtual Private Network) products.
  • Password Authentication Protocol (PAP): Password Authentication Protocol is a password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users. Almost all network operating systems and remote servers support PAP. PAP authentication is done at the time of the initial link establishment and verifies the identity of the client using a two-way handshake (the client sends data and the server in return sends an Authentication-ACK (Acknowledgement) after the data sent by the client is verified completely).
  • Remote Procedure Call Protocol (RPCP): Remote Procedure Call Protocol (RPCP) is a protocol that is used when a computer program causes a procedure (or a sub-routine) to execute in a different address space without the programmer explicitly coding the details for the remote interaction. This is basically the form of client-server interaction, typically implemented via a request-response message-passing system.
  • Sockets Direct Protocol (SDP): Sockets Direct Protocol (SDP) is a protocol that supports streams of sockets over Remote Direct Memory Access (RDMA) network fabrics. The purpose of SDP is to provide an RDMA-accelerated alternative to the TCP protocol. The primary goal is to perform one particular thing in such a manner which is transparent to the application.
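The PAP two-way handshake from the list above, as an added example that is not part of the original article: a parser for PAP packets using the RFC 1334 layout, run over a constructed request and acknowledgement. It shows what a capture review would flag, namely that the Authenticate-Request carries the peer ID and password as plain octets. The function names and sample credentials are assumptions made for this illustration.

```python
import struct

# PAP packet codes defined in RFC 1334.
PAP_CODES = {1: "Authenticate-Request", 2: "Authenticate-Ack", 3: "Authenticate-Nak"}


class PapParseError(ValueError):
    """Raised when bytes do not form a well-formed PAP packet."""


def build_request(identifier, peer_id, password):
    """Build an Authenticate-Request (only used to construct sample input)."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body


def build_reply(code, identifier, message):
    """Build an Authenticate-Ack (2) or Authenticate-Nak (3) as sample input."""
    body = bytes([len(message)]) + message
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def _take_field(data, offset):
    """Read one length-prefixed field and return (value, next_offset)."""
    if offset >= len(data):
        raise PapParseError("missing length octet")
    end = offset + 1 + data[offset]
    if end > len(data):
        raise PapParseError("field runs past the end of the packet")
    return data[offset + 1:end], end


def parse_pap(packet):
    """Parse one PAP packet into a dict; raise PapParseError if malformed."""
    if len(packet) < 4:
        raise PapParseError("shorter than the 4-octet PAP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code not in PAP_CODES:
        raise PapParseError(f"unknown PAP code {code}")
    if length < 4 or length > len(packet):
        raise PapParseError("Length field does not fit the captured bytes")
    data = packet[4:length]  # octets beyond Length are padding and ignored
    parsed = {"code": PAP_CODES[code], "identifier": identifier}
    if code == 1:
        parsed["peer_id"], offset = _take_field(data, 0)
        parsed["password"], _ = _take_field(data, offset)
    else:
        parsed["message"] = _take_field(data, 0)[0] if data else b""
    return parsed


def review_exchange(packets):
    """Pair requests with replies by Identifier and list reviewer findings."""
    findings, pending = [], {}
    for raw in packets:
        try:
            pkt = parse_pap(raw)
        except PapParseError as exc:
            findings.append(f"malformed PAP packet: {exc}")
            continue
        ident = pkt["identifier"]
        if pkt["code"] == "Authenticate-Request":
            pending[ident] = pkt["peer_id"]
            # Report the exposure without copying the secret into the report.
            findings.append(
                f"id={ident}: peer {pkt['peer_id'].decode(errors='replace')!r} "
                f"sent a {len(pkt['password'])}-octet password in cleartext")
        else:
            peer = pending.pop(ident, None)
            outcome = "accepted" if pkt["code"] == "Authenticate-Ack" else "rejected"
            who = peer.decode(errors="replace") if peer is not None else "unmatched request"
            findings.append(f"id={ident}: server {outcome} {who}")
    return findings


# Constructed sample exchange: one request and the server's acknowledgement.
SAMPLE_EXCHANGE = [
    build_request(7, b"branch-router", b"constructed-pw"),
    build_reply(2, 7, b"Login ok"),
]

if __name__ == "__main__":
    for line in review_exchange(SAMPLE_EXCHANGE):
        print(line)
```
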


The OSI Model’s 7 Layers, Explained

The seven layers in the Open Systems Interconnection (OSI) model each serve a specific function and work together to create an efficient network communication system.

Andrei Neacsu

The Open Systems Interconnection (OSI) model is a framework in network communication that simplifies complex network interactions into a structured format. 

What Is the OSI Model?

The Open Systems Interconnection model is a framework in network communication designed to simplify complex network interactions into a structured format. This architecture has seven layers, each of which serves a specific function. All seven layers work together to create a robust and efficient network communication system.

Each of its seven layers has a distinct role, ensuring efficient data transfer from one device to another. The OSI model is essential for understanding how data is transmitted in a network and is also a practical guide for network protocol design and problem solving.


The OSI model, developed by the International Organization for Standardization, outlines the essential functions of networking and telecommunications systems for practical application. It plays a crucial role in telecommunications, where vendors use it to define the features and capabilities of their products and services.

This approach allows for a detailed explanation of different aspects of network communication, including transport protocols, addressing schemes and data packaging methods. As a result, the OSI model resolves the complexities of network communication and fosters a more integrated and coherent digital world.

The 7 Layers of the OSI Model

Each layer of the OSI model serves a specific function, yet they work in harmony to create a robust and efficient network communication system. Understanding these layers provides valuable insights into the complexities of network design and operation, showcasing the intricate nature of modern digital communication.  

Layer 7: Application Layer

Functionality: The Application Layer is the closest to the end user. It facilitates user interaction with networked systems, providing interfaces and protocols for web browsers, email clients and other applications.

Key protocols: Protocols like HTTP, FTP and SMTP operate at this layer, enabling services such as web browsing, file transfers and email communications.

Layer 6: Presentation Layer

Role: The Presentation Layer acts as a translator, converting data formats from the application layer into a network-compatible format and vice versa. It ensures that data sent from one system is readable by another.

Data formatting: This layer is responsible for data encryption and compression, playing a significant role in maintaining data privacy and efficient transmission.

Layer 5: Session Layer

Managing sessions: It establishes, manages and terminates sessions between applications. This layer ensures that sessions are maintained for the duration of the communication.

Coordination: The Session Layer coordinates communication between systems, managing dialogues and synchronizing data exchange.

Layer 4: Transport Layer

Data segmentation and control: The Transport Layer is crucial for segmenting data into smaller packets. It ensures end-to-end data integrity and delivery, managing flow control, error correction and sequencing.

Protocols: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are key protocols in this layer, differing in their approach to data transmission.

Layer 3: Network Layer

Routing and addressing: This layer is responsible for logical addressing and routing data packets across different networks. It determines the best path for data to travel from source to destination.

Internet protocol: The Internet Protocol (IP), fundamental for internet data exchange, operates at this layer.

Layer 2: Data Link Layer

Framing and MAC addressing: The Data Link Layer frames data into packets. It handles physical addressing through MAC addresses, ensuring that data is directed to the correct hardware.

Error detection: This layer is also involved in error detection and handling, improving overall data transmission reliability.

Layer 1: Physical Layer

Physical transmission: The Physical Layer deals with the physical aspects of data transmission, including cable types, electrical signals and data rates.

Hardware components: It involves hardware components like cables, switches and network interface cards, forming the foundation of network communication.

How Data Flows in the OSI Model

Understanding this data flow process is crucial for professionals, as it aids in diagnosing and troubleshooting network issues, designing efficient network solutions and ensuring robust data security and management.

Encapsulation Process

When data is sent, it begins at the Application Layer and moves down through the layers. At each stage, it is encapsulated with the necessary headers, trailers, and other control information relevant to that layer. For instance, at the Transport Layer, data is segmented and encapsulated with port numbers, while at the Network Layer, IP addresses are added.

Each layer plays a role in preparing the data for transmission. The Presentation Layer may encrypt the data for security, while the Data Link Layer ensures it is formatted into frames suitable for physical transmission.

Data Transmission Across the Network

The Physical Layer transmits the raw bits over a physical medium, such as a cable or wireless network. This transmission is the actual movement of data across the network. In cases where data must move across different networks, the Network Layer’s routing functionalities become crucial. It ensures that data packets find the most efficient path to their destination.

Decapsulation Process

Upon reaching the destination, the data moves up the OSI model, with each layer removing its respective encapsulation. The Data Link Layer, for instance, removes framing, and the Transport Layer checks for transmission errors and reassembles the data segments. Once the data reaches the Application Layer, it is in its original format and ready to be used by the receiving application, whether it’s an email client, a web browser or any other networked software.
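An added example, not part of the original article, that carries the encapsulation and decapsulation steps described above through in Python: a payload is wrapped in TCP, IPv4 and Ethernet headers on the way down, then unwrapped on the way up with the IPv4 and TCP checksums verified. The function names, the documentation-range IP addresses and the locally administered MAC addresses are assumptions chosen for the illustration.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
SRC_MAC = bytes.fromhex("020000000001")   # constructed, locally administered
DST_MAC = bytes.fromhex("020000000002")


def inet_checksum(data):
    """16-bit ones' complement checksum used by IPv4 and TCP."""
    data = bytes(data)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _pseudo_header(src, dst, tcp_len):
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return src + dst + struct.pack("!BBH", 0, IPPROTO_TCP, tcp_len)


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def encapsulate(payload, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Wrap application data in TCP, IPv4 and Ethernet headers (sender side)."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # Layer 4: port numbers, sequence number 1, PSH+ACK flags, checksum last.
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    csum = inet_checksum(_pseudo_header(src, dst, len(tcp) + len(payload)) + tcp + payload)
    segment = tcp[:16] + struct.pack("!H", csum) + tcp[18:] + payload
    # Layer 3: logical (IP) addresses, TTL 64, header checksum.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64,
                     IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    # Layer 2: physical (MAC) addresses and EtherType.
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + segment


def decapsulate(frame):
    """Strip each header in turn (receiver side), verifying checksums on the way up."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("EtherType is not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != IPPROTO_TCP or total_len > len(packet) or total_len < ihl + 20:
        raise ValueError("not a complete TCP/IPv4 packet")
    src, dst = packet[12:16], packet[16:20]
    segment = packet[ihl:total_len]
    if inet_checksum(_pseudo_header(src, dst, len(segment)) + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("invalid TCP data offset")
    return {
        "src_mac": _mac(src_mac), "dst_mac": _mac(dst_mac),
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        "src_port": src_port, "dst_port": dst_port,
        "payload": segment[data_offset:],
    }


def build_sample_frame():
    """Constructed sample: an HTTP request line travelling down the stack."""
    return encapsulate(b"GET / HTTP/1.1\r\n\r\n", 49152, 80,
                       "192.0.2.10", "198.51.100.20", SRC_MAC, DST_MAC)


if __name__ == "__main__":
    print(decapsulate(build_sample_frame()))
```
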

Seamless Data Flow

The OSI model ensures that each layer only communicates with its immediate upper and lower layers, creating a seamless flow. This layered approach means changes in one layer’s protocols or functionalities can occur without disrupting the entire network.

OSI Model Advantages

The OSI model is a cornerstone in network architecture for several reasons:

Simplification of network design

The OSI model’s layered approach breaks down complex network processes, making design and operation more manageable. Each layer focuses on a specific aspect of communication, allowing for independent development and easier troubleshooting.

Standardization and interoperability

It establishes universal standards for network communication, enabling different technologies to interact seamlessly. This interoperability is crucial for the efficient functioning of diverse network devices and applications.

Flexibility and Scalability

Adaptable to technological advancements, the OSI model allows individual layers to evolve without overhauling the entire system. This scalability makes it suitable for various network sizes and types.

Enhanced Security

Security measures are integrated at multiple layers, providing a robust defense against threats. Each layer can address specific security concerns, leading to comprehensive network protection.

Real-World Applications of the OSI Model

The OSI model’s influence extends well beyond theoretical concepts, playing a crucial role in various practical aspects of networking:

Network Design and Protocol Development

Network professionals use the OSI model as a blueprint for structuring and developing robust networks. It guides the creation of new protocols, ensuring seamless integration and functionality across different network layers.

Efficient Troubleshooting and Management

In troubleshooting, the OSI model provides a systematic approach for identifying issues, from physical connectivity to application-level errors. It also aids in network maintenance and performance optimization, addressing each layer to enhance overall efficiency.

Cybersecurity Strategy

The model is foundational in crafting layered security strategies. By implementing security measures at different layers, it offers comprehensive protection against various cyber threats. Understanding the OSI layers is key in detecting and mitigating attacks targeting specific network segments.

Educational and Training Tool

It serves as an essential framework in networking education, helping students and professionals alike understand complex network operations. The OSI model is a cornerstone in training programs, emphasizing the intricacies of network architecture and security.


OSI Model vs. TCP/IP Model

While the OSI model offers a detailed conceptual framework, the TCP/IP model is recognized for its practical application in today’s internet-driven world.

Structural Differences

OSI model: Introduced as a comprehensive, protocol-independent framework, the OSI model details seven distinct layers, offering a more granular approach to network communication.

TCP/IP model: Developed earlier by the U.S. Department of Defense, the TCP/IP model consists of four layers (Application, Transport, Internet and Network Access), combining certain OSI layers.

Theoretical vs. Practical Approach

OSI model: Developed as a theoretical and universal networking model, it’s used more for educational purposes to explain how networks operate.

TCP/IP model: This model is designed around specific standard protocols, focusing on solving practical communication issues. It leaves sequencing and acknowledgment functions to the transport layer, differing from the OSI approach.

Adoption and Use

OSI model: While not widely implemented in its entirety, the OSI model’s clear layer separation is influential in protocol design and network education; simpler applications in the OSI framework may not utilize all seven layers, with only the first three layers (Physical, Data Link, and Network) being mandatory for basic data communication.

TCP/IP model: The dominant model used in most network architectures today, especially in internet-related communications. In TCP/IP, most applications engage all layers for communication.

Frequently Asked Questions

Why is the OSI model important?

The OSI model is crucial for standardizing network communication and ensuring interoperability between various devices and systems. It simplifies network design and troubleshooting and serves as a fundamental educational tool in networking.

What are the 7 layers of the OSI model?

Layer 1: Physical Layer — Transmits raw data.

Layer 2: Data Link Layer — Manages direct links and framing.

Layer 3: Network Layer — Handles addressing and routing.

Layer 4: Transport Layer — Ensures reliable data transfer.

Layer 5: Session Layer — Manages connections.

Layer 6: Presentation Layer — Translates data formats.

Layer 7: Application Layer — Interfaces with applications.


How-To Geek

The 7 OSI Networking Layers Explained

The Open Systems Interconnection (OSI) networking model defines a conceptual framework for communications between computer systems.


The Open Systems Interconnection (OSI) networking model defines a conceptual framework for communications between computer systems. The model is an ISO standard which identifies seven fundamental networking layers, from the physical hardware up to high-level software applications.

Each layer in the model handles a specific networking function. The standard helps administrators to visualize networks, isolate problems, and understand the use cases for new technologies. Many network equipment vendors advertise the OSI layer that their products are designed to slot into.

OSI was adopted as an international standard in 1984. It remains relevant today despite the changes to network implementation that have occurred since first publication. Cloud, edge, and IoT can all be accommodated within the model.

In this article, we'll explain each of the seven OSI layers in turn. We'll start from the lowest level, labelled as Layer 1.

1. Physical Layer

All networking begins with physical equipment. This layer encapsulates the hardware involved in the communications, such as switches and cables. Data is transferred as a stream of binary digits - 0 or 1 - that the hardware prepares from input it's been fed. The physical layer specifies the electrical signals that are used to encode the data over the wire, such as a 5-volt pulse to indicate a binary "1."

Errors in the physical layer tend to result in data not being transferred at all. There could be a break in the connection due to a missing plug or incorrect power supply. Problems can also arise when two components disagree on the physical encoding of data values. In the case of wireless connections, a weak signal can lead to bit loss during transmission.

2. Data Link Layer

The model's second layer concerns communication between two devices that are directly connected to each other in the same network. It's responsible for establishing a link that allows data to be exchanged using an agreed protocol. Many network switches operate at Layer 2.

The data link layer will eventually pass bits to the physical layer. As it sits above the hardware, the data link layer can perform basic error detection and correction in response to physical transfer issues. There are two sub-layers that define these responsibilities: Logical Link Control (LLC) that handles frame synchronization and error detection, and Media Access Control (MAC) which uses MAC addresses to constrain how devices acquire permission to transfer data.

3. Network Layer

The network layer is the first level to support data transfer between two separately maintained networks. It's redundant in situations where all your devices exist on the same network.

Data that comes to the network layer from higher levels is first broken up into packets suitable for transmission. Packets received from the remote network in response are reassembled into usable data.

The network layer is where several important protocols are first encountered. These include IP (for determining the path to a destination), ICMP, routing, and virtual LAN. Together these mechanisms facilitate inter-network communications with a familiar degree of usability. However, operations at this level aren't necessarily reliable: messages aren't required to succeed and may not necessarily be retried.

4. Transport Layer

The transport layer provides higher-level abstractions for coordinating data transfers between devices. Transport controllers determine where data will be sent and the rate it should be transferred at.

Layer 4 is where TCP and UDP are implemented, providing the port numbers that allow devices to expose multiple communication channels. Load balancing is often situated at Layer 4 as a result, allowing traffic to be routed between ports on a target device.

Transport mechanisms are expected to guarantee successful communication. Stringent error controls are applied to recover from packet loss and retry failed transfers. Flow control is enforced so the sender doesn't overwhelm the remote device by sending data more quickly than the available bandwidth permits.

5. Session Layer

Layer 5 creates ongoing communication sessions between two devices. Sessions are used to negotiate new connections, agree on their duration, and gracefully close down the connection once the data exchange is complete. This layer ensures that sessions remain open long enough to transfer all the data that's being sent.

Checkpoint control is another responsibility that's held by Layer 5. Sessions can define checkpoints to facilitate progress updates and resumable transmissions. A new checkpoint could be set every few megabytes for a file upload, allowing the sender to continue from a particular point if the transfer gets interrupted.
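The checkpointing described in this paragraph, and in the session layer function list earlier on the page, as an added simulation that is not part of any of the original articles. A sender places a synchronization point every 1024 bytes, the receiver confirms it only when the serial number and a SHA-256 digest of the data so far agree, and after a simulated connection loss the transfer resumes from the last confirmed point instead of from byte zero. All class and function names, the digest check and the sizes are assumptions of this sketch, not the OSI session protocol's wire format.

```python
import hashlib


class LinkDown(Exception):
    """The underlying connection failed mid-transfer."""


class Receiver:
    def __init__(self):
        self.committed = bytearray()  # data covered by a confirmed sync point
        self.pending = bytearray()    # data received since that sync point
        self.last_sync = 0            # serial of the last confirmed sync point

    def on_data(self, chunk):
        self.pending += chunk

    def on_sync_point(self, serial, digest):
        """Confirm a sync point only if it is the next serial and the data matches."""
        candidate = bytes(self.committed + self.pending)
        if serial != self.last_sync + 1:
            return False
        if hashlib.sha256(candidate).hexdigest() != digest:
            return False
        self.committed = bytearray(candidate)
        self.pending.clear()
        self.last_sync = serial
        return True

    def resynchronize(self):
        """After a failure, discard unconfirmed data and report where to resume."""
        self.pending.clear()
        return self.last_sync, len(self.committed)


class FlakyLink:
    """Constructed transport that drops the connection once, after fail_after bytes."""

    def __init__(self, receiver, fail_after):
        self.receiver = receiver
        self.fail_after = fail_after
        self.delivered = 0

    def send_data(self, chunk):
        if self.fail_after is not None and self.delivered + len(chunk) > self.fail_after:
            self.fail_after = None  # fail only once
            raise LinkDown("connection lost")
        self.delivered += len(chunk)
        self.receiver.on_data(chunk)

    def send_sync_point(self, serial, digest):
        return self.receiver.on_sync_point(serial, digest)


def transfer(data, link, receiver, chunk=256, sync_every=1024, max_resumes=3):
    """Send data with periodic sync points; return (resumes, bytes put on the wire)."""
    offset = serial = resumes = wire = 0
    while offset < len(data):
        end = min(offset + sync_every, len(data))
        try:
            for pos in range(offset, end, chunk):
                piece = data[pos:min(pos + chunk, end)]
                link.send_data(piece)
                wire += len(piece)
            digest = hashlib.sha256(data[:end]).hexdigest()
            if not link.send_sync_point(serial + 1, digest):
                raise LinkDown("sync point not confirmed")
            serial, offset = serial + 1, end
        except LinkDown:
            resumes += 1
            if resumes > max_resumes:
                raise
            # In a real protocol this is a resynchronization exchange; here the
            # sender asks the receiver object directly (simplifying assumption).
            serial, offset = receiver.resynchronize()
    return resumes, wire


def run_demo():
    data = bytes(range(256)) * 20  # constructed 5120-byte payload
    receiver = Receiver()
    link = FlakyLink(receiver, fail_after=2600)
    resumes, wire = transfer(data, link, receiver)
    return data, receiver, resumes, wire


if __name__ == "__main__":
    data, receiver, resumes, wire = run_demo()
    print(f"resumes={resumes} wire_bytes={wire} payload_bytes={len(data)}")
```

With the link failing after 2600 bytes, only the 512 bytes sent since the second synchronization point are retransmitted; a restart without checkpoints would resend all 2560 bytes delivered before the failure.
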

Many significant protocols operate at Layer 5 including authentication and logon technologies such as LDAP and NetBIOS. These establish semi-permanent communication channels for managing an end user session on a specific device.

6. Presentation Layer

The presentation layer handles preparation of data for the application layer that comes next in the model. After data has made it up from the hardware, through the data link, and across the transport, it's almost ready to be consumed by high-level components. The presentation layer completes the process by performing any formatting tasks that may be required.

Decryption, decoding, and decompression are three common operations found at this level. The presentation layer processes received data into formats that can be eventually utilized by a client application. Similarly, outward-bound data is reformatted into compressed and encrypted structures that are suitable for network transmission.

TLS is one major technology that's part of the presentation layer. Certificate verification and data decryption is handled before requests reach the network client, allowing information to be consumed with confidence that it's authentic.

7. Application Layer

The application layer is the top of the stack. It represents the functionality that's perceived by network end users. Applications in the OSI model provide a convenient end-to-end interface to facilitate complete data transfers, without making you think about hardware, data links, sessions, and compression.

Despite its name, this layer doesn't relate to client-side software such as your web browser or email client. An application in OSI terms is a protocol that caters for the complete communication of complex data through layers 1-6.

HTTP, FTP, DHCP, DNS, and SSH all exist at the application layer. These are high-level mechanisms which permit direct transfers of user data between an origin device and a remote server. You only need minimal knowledge of the workings of the other layers.

The seven OSI layers describe the transfer of data through computer networks. Understanding the functions and responsibilities of each layer can help you identify the source of problems and assess the intended use case for new components.

OSI is an abstract model that doesn't directly map to the specific networking implementations commonly used today. As an example, the TCP/IP protocol works on its own simpler system of four layers: Network Access, Internet, Transport, and Application. These abstract and absorb the equivalent OSI layers: the application layer spans OSI L5 to L7, while L1 and L2 are combined in TCP/IP's concept of Network Access.

OSI remains applicable despite its lack of direct real-world application. It's been around so long that it's widely understood among administrators from all backgrounds. Its relatively high level of abstraction has also ensured it's remained relevant in the face of new networking paradigms, many of which have targeted Layer 3 and above. An awareness of the seven layers and their responsibilities can still help you appreciate the flow of data through a network while uncovering integration opportunities for new components.


What is the OSI Model?


  • The OSI Model Defined

The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to describe the functions of a networking system. The OSI model characterizes computing functions into a universal set of rules and requirements in order to support interoperability between different products and software. In the OSI reference model, the communications between a computing system are split into seven different abstraction layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.

Created at a time when network computing was in its infancy, the OSI was published in 1984 by the International Organization for Standardization (ISO). Though it does not always map directly to specific systems, the OSI Model is still used today as a means to describe Network Architecture.


  • The 7 Layers of the OSI Model
  • Physical Layer

The lowest layer of the OSI Model is concerned with electrically or optically transmitting raw unstructured data bits across the network from the physical layer of the sending device to the physical layer of the receiving device. It can include specifications such as voltages, pin layout, cabling, and radio frequencies. At the physical layer, one might find “physical” resources such as network hubs, cabling, repeaters, network adapters or modems.

  • Data Link Layer

At the data link layer, directly connected nodes are used to perform node-to-node data transfer where data is packaged into frames. The data link layer also corrects errors that may have occurred at the physical layer.

The data link layer encompasses two sub-layers of its own. The first, media access control (MAC), provides flow control and multiplexing for device transmissions over a network. The second, the logical link control (LLC), provides flow and error control over the physical medium as well as identifies line protocols.

  • Network Layer

The network layer is responsible for receiving frames from the data link layer and delivering them to their intended destinations based on the addresses contained inside the frame. The network layer finds the destination by using logical addresses, such as IP (internet protocol). At this layer, routers are a crucial component used to quite literally route information where it needs to go between networks.

  • Transport Layer

The transport layer manages the delivery and error checking of data packets. It regulates the size, sequencing, and ultimately the transfer of data between systems and hosts. One of the most common examples of the transport layer is TCP or the Transmission Control Protocol.

  • Session Layer

The session layer controls the conversations between different computers. A session or connection between machines is set up, managed, and terminated at layer 5. Session layer services also include authentication and reconnections.

  • Presentation Layer

The presentation layer formats or translates data for the application layer based on the syntax or semantics that the application accepts. Because of this, it is at times also called the syntax layer. This layer can also handle the encryption and decryption required by the application layer.

  • Application Layer

At this layer, both the end user and the application layer interact directly with the software application. This layer sees network services provided to end-user applications such as a web browser or Office 365. The application layer identifies communication partners, resource availability, and synchronizes communication.


keith_shaw

The OSI model explained and how to easily remember its 7 layers

A tutorial on the open systems interconnection networking reference model and tips on how to memorize the seven layers.


The Open Systems Interconnect (OSI) model is a conceptual framework that describes networking or telecommunications systems as seven layers, each with its own function.

The layers help network pros visualize what is going on within their networks and can help network managers narrow down problems (is it a physical issue or something with the application?), as well as computer programmers (when developing an application, which other layers does it need to work with?). Tech vendors selling new products will often refer to the OSI model to help customers understand which layer their products work with or whether it works “across the stack”.

The 7 layers of the OSI model

The layers are: Layer 1—Physical; Layer 2—Data Link; Layer 3—Network; Layer 4—Transport; Layer 5—Session; Layer 6—Presentation; Layer 7—Application.

It wasn’t always this way. Conceived in the 1970s when computer networking was taking off, two separate models were merged in 1983 and published in 1984 to create the OSI model that most people are familiar with today. Most descriptions of the OSI model go from top to bottom, with the numbers going from Layer 7 down to Layer 1. The layers, and what they represent, are as follows:

Layer 7 – Application

The Application Layer in the OSI model is the layer that is the “closest to the end user”. It receives information directly from users and displays incoming data to the user. Oddly enough, applications themselves do not reside at the application layer. Instead the layer facilitates communication through lower layers in order to establish connections with applications at the other end. Web browsers (Google Chrome, Firefox, Safari, etc.), Telnet, and FTP are examples of communications that rely on Layer 7.

Layer 6 – Presentation

The Presentation Layer represents the area that is independent of data representation at the application layer. In general, it represents the preparation or translation of application format to network format, or from network formatting to application format. In other words, the layer “presents” data for the application or the network. A good example of this is encryption and decryption of data for secure transmission; this happens at Layer 6.

Layer 5 – Session

When two computers or other networked devices need to speak with one another, a session needs to be created, and this is done at the Session Layer. Functions at this layer involve setup, coordination (how long should a system wait for a response, for example) and termination between the applications at each end of the session.

Layer 4 – Transport

The Transport Layer deals with the coordination of the data transfer between end systems and hosts. How much data to send, at what rate, where it goes, etc. The best known example of the Transport Layer is the Transmission Control Protocol (TCP), which is built on top of the Internet Protocol (IP), commonly known as TCP/IP. TCP and UDP port numbers work at Layer 4, while IP addresses work at Layer 3, the Network Layer.

Layer 3 – Network

Here at the Network Layer is where you’ll find most of the router functionality that most networking professionals care about and love. In its most basic sense, this layer is responsible for packet forwarding, including routing through different routers. You might know that your Boston computer wants to connect to a server in California, but there are millions of different paths to take. Routers at this layer help do this efficiently.

Layer 2 – Data Link

The Data Link Layer provides node-to-node data transfer (between two directly connected nodes), and also handles error correction from the physical layer. Two sublayers exist here as well–the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. In the networking world, most switches operate at Layer 2. But it’s not that simple. Some switches also operate at Layer 3 in order to support virtual LANs that may span more than one switch subnet, which requires routing capabilities.

Layer 1 – Physical

At the bottom of our OSI model we have the Physical Layer, which represents the electrical and physical representation of the system. This can include everything from the cable type, radio frequency link (as in a Wi-Fi network), as well as the layout of pins, voltages, and other physical requirements. When a networking problem occurs, many networking pros go right to the physical layer to check that all of the cables are properly connected and that the power plug hasn’t been pulled from the router, switch or computer, for example.

Why you need to know the 7 OSI layers

Most people in IT will likely need to know about the different layers when they’re going for their certifications, much like a civics student needs to learn about the three branches of the US government. After that, you hear about the OSI model when vendors are making pitches about which layers their products work with.

In a Quora post asking about the purpose of the OSI model, Vikram Kumar answered this way:

“The purpose of the OSI reference model is to guide vendors and developers so the digital communication products and software programs they create will interoperate, and to facilitate clear comparisons among communications tools.”

While some people may argue that the OSI model is obsolete (due to its conceptual nature) and less important than the four layers of the TCP/IP model, Kumar says that “it is difficult to read about networking technology today without seeing references to the OSI model and its layers, because the model’s structure helps to frame discussions of protocols and contrast various technologies.”

If you can understand the OSI model and its layers, you can also then understand which protocols and devices can interoperate with each other when new technologies are developed and explained.

The OSI model remains relevant

In a post on GeeksforGeeks, contributor Vabhav Bilotia argues several reasons why the OSI model remains relevant, especially when it comes to security and determining where technical risks and vulnerabilities may exist.

For example, by understanding the different layers, enterprise security teams can identify and classify physical access, where the data is sitting, and provide an inventory of the applications that employees use to access data and resources.

“Knowing where the majority of your company’s data is held, whether on-premises or in cloud services, will help define your information security policy,” writes Bilotia. “You can invest in the correct solutions that provide you data visibility within the proper OSI layers once you have this knowledge.”

In addition, the OSI model can be used to understand cloud infrastructure migrations, particularly when it comes to securing data within the cloud.

And because the model has been around for so long and is understood by so many, its uniform vocabulary and terms help networking professionals quickly understand the components of the networking system. “While this paradigm is not directly implemented in today’s TCP/IP networks, it is a useful conceptual model for relating multiple technologies to one another and implementing the appropriate technology in the appropriate way,” Bilotia writes. We couldn’t agree more.

How to remember the OSI Model 7 layers – 8 mnemonic tricks

If you need to memorize the layers for a college or certification test, here are a few sentences to help remember them in order. The first letter of each word is the same as the first letter of an OSI layer.

From Application to Physical (Layer 7 to Layer 1): 

  • All People Seem To Need Data Processing
  • All Pros Search Top Notch Donut Places
  • A Penguin Said That Nobody Drinks Pepsi
  • A Priest Saw Two Nuns Doing Pushups

From Physical to Application (Layer 1 to Layer 7):

  • Please Do Not Throw Sausage Pizza Away
  • Pew! Dead Ninja Turtles Smell Particularly Awful
  • People Don’t Need To See Paula Abdul
  • Pete Doesn’t Need To Sell Pickles Anymore

Keith Shaw was a Network World editor and the writer of the Cool Tools column. He is now a freelance writer and editor from Worcester, Mass.


Presentation layer and Session layer of the OSI model

There are two popular networking models: the OSI layers model and the TCP/IP layers model. The presentation layer and session layer exist only in the OSI layers model. The TCP/IP layers model merges them into the application layer.

The Presentation Layer

The presentation layer is the sixth layer of the OSI Reference model. It defines how data and information is transmitted and presented to the user. It translates data and format code in such a way that it is correctly used by the application layer.

It identifies the syntaxes that different applications use and formats data using those syntaxes. For example, a web browser receives a web page from a web server in the HTML language. HTML includes many tags and markup that have no meaning for the end user but have special meaning for the web browser. The web browser uses the presentation layer's logic to read those syntaxes and format the data in the way the web server wants it to be presented to the user.


On the sender device, it encapsulates and compresses data before sending it to the network to increase the speed and security of the network. On the receiver device, it de-encapsulates and decompresses data before presenting it to the user.

Examples of the presentation layer

Example standards for representing graphical information: JPEG, GIF, and TIFF.

Example standards for representing audio information: WAV, MIDI, MP3.

Example standards for representing video information: WMV, MOV, MP4, MPEG.

Example standards for representing text information: doc, xls, txt, pdf.

Functions of the presentation layer

  • It formats and presents data and information.
  • It encrypts and compresses data before giving it to the session layer.
  • It decrypts and decompresses the encrypted and compressed data it receives from the session layer.

Session layer

The session layer is the fifth layer of the OSI layers model. It is responsible for initiating, establishing, managing, and terminating sessions between the local application and the remote applications.

It defines standards for three modes of communication: full duplex, half-duplex, and simplex.


In the full duplex mode, both devices can send and receive data simultaneously. The internet connection is an example of the full duplex mode.

In the half duplex mode, only one device can send data at a time. A telephone conversation is an example of the half-duplex mode.

In the simplex mode, only one device can send data. A radio broadcast is an example of the simplex mode.

Functions of the session layer

  • It is responsible for terminating sessions, creating checkpoints, and recovering data when sessions are interrupted.
  • It opens and maintains logical communication channels between network applications running on the local host and network applications running on the remote host.
  • If a network application uses an authentication mechanism before it opens a logical communication channel (session) with the remote host, it handles the authentication process.

Examples of the session layer

Structured Query Language (SQL), Remote Procedure Call (RPC), and Network File System (NFS) are examples of the session layer.

By ComputerNetworkingNotes Updated on 2024-05-05 05:30:01 IST


OSI Model and TCP/IP Model

Computer network communication is a little complex. To understand it, experts divide computer network communication into different layers. There are two standard models for this division: the OSI Model and the TCP/IP Model. The two models have different layers: the OSI Model has 7 layers and the TCP/IP model has 4 or 5 layers. Here, we will focus on the OSI Reference Model.

For a beginner in networking, the OSI Model and the TCP/IP Model are very important for understanding the network world. These two common standards are also a classic topic in network engineer technical interviews, with questions like: What are the layers of the OSI Model? How many layers does the TCP/IP Model have? What is the role of the Data Link Layer? Which devices work on the Network Layer? Which protocols are there in the Transport Layer?

Now, let’s start with the details of the OSI Model layers. In another lesson, we will talk about the TCP/IP Model and its layers in detail.


The OSI Reference Model is the first term that a network engineer learns in networking. It is generally the first lesson of almost all certification courses, and it comes up often in technical job interviews for junior network engineers. But the OSI Model is only a conceptual model. In real network operations, you will not think about this standard and its layers.

So, what is this Reference Model? What are these OSI layers? Below, you can find these layers in order, starting at the bottom with Layer 1 and going up to Layer 7.

  • Physical Layer (Layer 1)
  • Data-link Layer (Layer 2)
  • Network Layer (Layer 3)
  • Transport Layer (Layer 4)
  • Session Layer (Layer 5)
  • Presentation Layer (Layer 6)
  • Application Layer (Layer 7)

As you can see, there are 7 layers in the OSI Reference Model. The first four layers are the Lower Layers and the last three layers are the Upper Layers. If we compare the OSI and TCP/IP Models, the lower layers of these models have some differences, but the application layer of the TCP/IP model is similar to the upper layers of the OSI model.

So, what are the roles of each OSI Model layer? Let's talk about them one by one in detail.

Physical Layer (Layer 1) is the actual connectivity between the source and the destination. It is the layer in which the physical characteristics of the network are defined and the bit flow is transferred. These bits are represented by signals. These signals can be both analog and digital. Electrical signals are used for fixed connections and radio signals are used for wireless connections.

In other words, the bit flow happens at this level: meaningful 0 and 1 bits are transferred here. Basically, it is the layer in which bit streams are transferred over different media types. Network cabling, different types of cables and network connectors are on the physical layer of the OSI Model.

As simple and old network equipment, hubs work in the physical layer (layer 1), because they are not smart devices and layer 1 has no need for a smart device.

Below, you can find operation examples in Layer 1. The upper two are a little complex, but the lower two are good examples :)

[Figure: physical layer cabling examples]

Data-link Layer (Layer 2)

Data-link Layer (Layer 2) is the medium provision layer. It defines how data is formatted for transmission over the physical medium. Layer 2 provides node-to-node connectivity. It is also the layer of physical MAC addresses.

The most important devices that work on layer 2 of the OSI Model are Layer 2 switches. As a network engineer, a network technician or a network admin, you will work on these data-link layer devices a lot.

Data Link Layer encapsulates the data by adding a layer 2 header and a layer 2 trailer. The data after adding the Layer 2 header and layer 2 trailer is called a “frame”. The Layer 2 header contains the source and destination MAC addresses. So, it is responsible for finding the next destination in the network. For decapsulation, it removes this header and trailer and sends the data to the upper network layer.

Data Link Layer provides error-free transfer of different categories of data frames. It detects physical layer errors and corrects them.

Different network protocols and standards are used in the different layers of the OSI model. You can think of them as groups of rules. Network technologies are used and device configurations are done according to these protocols and standards.

Ethernet is one of the most popular protocols in the data link layer. Ethernet is the general name of the standard which is used in our home or office networks. It defines a lot of things like cable types, data speed etc.

There are other protocols and standards in the data link layer. Some of them are: PPP, HDLC, FDDI, ATM, Frame Relay.

Data-link Layer has two sub-layers. These layers are:

  • Media Access Control (MAC) Layer
  • Logical Link Control (LLC) Layer

The MAC Sub Layer controls how a computer on the network gains access to the data and permission to transmit it. It also carries the physical address of each device on the network.

The Logical Link Control (LLC) is responsible for managing frames to upper and lower layers, the flow control mechanism and error checking.


Network Layer is the layer of logical addressing. This layer decides the logical address of the destination with IP addresses. By doing this, it connects different networks that use different media to each other. These addresses can be IPv4 addresses or IPv6 addresses.

Network layer is also responsible for routing. With routing, it decides the path of the packets through the network. In other words, it defines the routers that the data will go through. This is one of the popular areas for network engineers :) So, routing protocols work on layer 3 (network layer).

A Layer 3 Header (IP Header for IP) is added to the data in this layer. After this addition, the frame is called a “packet”. The next level protocol is also mentioned in this header. It can be any transport layer protocol, like TCP, UDP and SCTP.

Frame fragmentation is also done in this layer. If a frame is longer than the MTU (Maximum Transmission Unit), then it is fragmented (divided into smaller packets).

There are different protocols used in network layer of OSI. Some of these protocols are IPv4, IPv6, ICMP, IPSec, OSPF, BGP etc.


Transport Layer (Layer 4) establishes, maintains and manages end to end secure connection. This layer allows multiple transports on the same physical connection.

Transport layer is responsible for end-to-end Error Recovery and Flow Control. Transport Layer is also the layer where QoS facilities are performed.

Different transport layer protocols are used in this layer. Depending on the Layer 4 protocol used, a Layer 4 Header is added to the packet in this layer. After this, the packet is called a “segment”.

There are two common Transport Layer Protocols. These protocols are UDP (User Datagram Protocol) and TCP (Transmission Control Protocol). There are also other Transport Layer Protocols like SCTP, RSVP etc. But in CCNA, we will focus on TCP and UDP. We will explain the details of these protocols in the following lessons.

Below, you can find some TCP layer 4 operations and a comparison of transport layer protocols.

[Figure: TCP windowing]

Session Layer (Layer 5) is the OSI layer that is responsible for session jobs between the end points. It provides session establishment, maintenance and termination. Logging is also done in this layer. Another main role of the session layer is multiplexing transport layer services.

Session layer is mainly used by applications themselves. So, network engineers do not work on this layer. This is the job of application developers.

Logging in to a computer for file transfer can be an example of a session layer job.


Presentation Layer (Layer 6) is the Translator of the network. There are many data formats in any network. This layer provides translation between different formats.

For example, image formats like jpeg and gif, voice formats like mp3 and video formats like mp4 all need different handling. The presentation layer converts this different data into a readable format.

Encryption and compression of the data are also done in the presentation layer (layer 6) of the OSI Model.


Application Layer (Layer 7) is the closest layer to the user. It is the interface between applications and the underlying layers. It provides the communication between applications. Application Layer lets programs reach different network resources.

Some of the protocols used in the Application Layer are Telnet, FTP, SMTP, HTTPS, SSL etc. Different services work with these protocols. For example, the browser that you use to access the internet works with HTTP. By the way, the application itself does not belong to this layer.


  • Network Devices

As you know, in a network there are some common network devices like Hubs, Repeaters, Bridges, Switches and Routers. These devices operate in different layers of the OSI model. Let's check these devices and the layers they are used in.

[Figure: OSI layers and network devices]

Everything begins with the data at the Application Layer. Then, on the way to the destination, an additional header is added to this data at each lower layer. At the Physical Layer, all of this is sent as 1s and 0s, as voltages over the cables.

What are these headers of the OSI Model layers, and how do they affect the data?

  • At the Transport Layer, the Layer 4 Header is added. Here the name of “Data and Layer 4 Header” is “Segment”.
  • At the Network Layer, the Layer 3 Header is added. Here the name of “Data and Layer 3 Header” is “Packet”.
  • At the Data-Link Layer, the Layer 2 Header is added. Here the name of “Data and Layer 2 Header” is “Frame”.
  • At the Physical Layer, all of them are translated to 1s and 0s as voltages. These values are sent and received over different media types (cables).
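The header-per-layer encapsulation listed above, as an added example that is not part of the original lesson: it wraps application data in a TCP, an IPv4 and an Ethernet II header, then strips them again the way a capture tool or inspection device would, rejecting lengths that do not agree. All function names, MAC addresses, IP addresses and the payload are constructed for illustration; the TCP checksum and the layer 2 trailer are left out.

```python
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum (RFC 1071) over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(data, src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Wrap application data in Layer 4, Layer 3 and Layer 2 headers, top down."""
    # Layer 4: 20-byte TCP header (PSH|ACK, no options). Checksum left at 0 (assumption).
    segment = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18,
                          65535, 0, 0) + data
    # Layer 3: 20-byte IPv4 header; the protocol field (6) names the next layer up.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000,
                      64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    packet = hdr + segment
    # Layer 2: Ethernet II header; EtherType 0x0800 names IPv4. Trailer (FCS) omitted.
    l2 = (bytes.fromhex(dst_mac.replace(":", ""))
          + bytes.fromhex(src_mac.replace(":", ""))
          + struct.pack("!H", 0x0800))
    return l2 + packet


def decapsulate(frame: bytes) -> dict:
    """Strip the headers bottom up, validating each layer's own length fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"l2": {"pdu": "frame", "dst_mac": frame[0:6].hex(":"),
                  "src_mac": frame[6:12].hex(":"), "ethertype": ethertype}}
    if ethertype != 0x0800:
        return out  # not IPv4: stop at Layer 2
    packet = frame[14:]
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    # The declared lengths must fit inside the bytes that were actually captured.
    if version != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent IPv4 header lengths")
    out["l3"] = {"pdu": "packet", "src_ip": socket.inet_ntoa(packet[12:16]),
                 "dst_ip": socket.inet_ntoa(packet[16:20]), "protocol": packet[9],
                 "checksum_ok": ipv4_checksum(packet[:ihl]) == 0}
    if packet[9] != 6:
        return out  # not TCP: stop at Layer 3
    # Cut at total_len so Ethernet padding is not mistaken for data.
    segment = packet[ihl:total_len]
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad TCP data offset")
    out["l4"] = {"pdu": "segment", "src_port": sport, "dst_port": dport}
    out["data"] = segment[data_offset:]
    return out


# Constructed sample: documentation IP ranges and locally administered MACs.
SAMPLE_DATA = b"GET / HTTP/1.1\r\n\r\n"
SAMPLE_FRAME = encapsulate(SAMPLE_DATA, "02:00:00:00:00:01", "02:00:00:00:00:02",
                           "192.0.2.10", "198.51.100.20", 49152, 80)

if __name__ == "__main__":
    for layer, fields in decapsulate(SAMPLE_FRAME).items():
        print(layer, fields)
```

Each layer exposes a different identifier for filtering or logging: MAC addresses in the frame, IP addresses in the packet, port numbers in the segment.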

  • Access Control Lists
  • Multifactor Authentication (MFA)
  • Dynamic ARP Inspection
  • Cyber Attacks, Network Attacks, Threats and Mitigation
  • 802.1x (Port Based Network Access Control)
  • Switch Port Security Configuration on Cisco Packet Tracer
  • Switch Port Security
  • Extended Access List Configuration With Packet Tracer
  • Standard Access List Configuration With Packet Tracer
  • Basic Cisco Router Security Configuration

Automation and Programmability

  • Ansible vs Puppet vs Chef
  • Chef Overview
  • Puppet Overview
  • Ansible Overview
  • Network Automation Tools
  • Interpret JSON Encoded Data
  • Cisco DNA Center
  • Cisco SD-Access
  • Data Serialization Languages: JSON, YAML, XML
  • Traditional Network Management versus Cisco DNA Center
  • Cisco DNA and Intent-Based Networking (IBN)
  • How Network Automation Impacts Network Management

SDN (Software Defined Networking)

  • What is SDN ?
  • Traditional Network Drawbacks Versus SDN
  • What Will SDN Bring?
  • SDN Architecture Components
  • SDN Terminology
  • Virtualization
  • Virtual Network Structure

Latest Lessons

  • VLSM Part of: CCNA 200-301
  • Coaxial Cable Details Part of: CCNA 200-301
  • IPv4 vs IPv6 Comparison Part of: CCNA 200-301
  • IGMPv3 Overview Part of: IP Multicast Course
  • IGMPv3 Overview Part of: CCIE Enterprise Infrastructure
  • Subnetting IPv6 Part of: CCIE Enterprise Infrastructure
  • IPv6 and Subnetting Part of: CCNP Enterprise 350-401 ENCOR
  • IPv6 Link Local Address Type Part of: CCIE Enterprise Infrastructure
  • Cisco Switch Configuration on Cisco Packet Tracer Part of: CCNA 200-301
  • Switch Configuration on Cisco Packet Tracer Part of: Cisco Packet Tracer Lab Course
  • More Lessons

Latest Blog Posts

how-ransomware-attack-works-ipcisco.com

WHAT YOU WILL FIND?

  • 250.000+ Students All Over The World
  • 8.000+ Questions & Answers
  • 100+ Lab Files & Cheat Sheets
  • 30+ IT/Network Courses
  • A Real Desire To Help You
  • Daily Social Media Shares
  • %100 Satisfaction
  • CISCO Courses
  • NOKIA Courses
  • HUAWEI Courses
  • JUNIPER Courses
  • PYTHON Course
  • KEY Courses
  • VIDEO Courses
  • UDEMY Courses
  • Cheat Sheets
  • Configuration Files
  • Interview Questions
  • IPCisco On Social Media
  • Pärnu mnt. 139c – 14, 11317, Tallinn, Estonia
  • [email protected]

Fundamentals of Communications and Networking, 3rd Edition by Michael G. Solomon, David Kim


the session presentation and application layers are the support layers


OSI LAYER 1 (PHYSICAL LAYER) THROUGH LAYER 4 (TRANSPORT LAYER) provide the foundation for sending and receiving data between network nodes. But that’s only part of what you need to support rich networked communications. It’s kind of like driving from one city to another. To get there and back, you’ll need to have roads and bridges to drive on. You need to know the laws governing each state or county along the way, and you need to understand the signs that tell you things like speed limit and highway number. All of these things make up the infrastructure ...


7. The Application Layer

Chapter objectives.

  • 7-1 Explain the role of client–server architectures at the application layer.
  • 7-2 Analyze an HTTP header, request, and response.
  • 7-3 Summarize the security features of the HTTPS, SSH, and TLS 1.3 protocols.
  • 7-4 Describe the functions and major features of Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).
  • 7-5 Summarize the functions of the FTP, IMAP, LDAP, POP, SMTP, and SNMP protocols.

Introduction

As we learned earlier in this text, in the client-server architecture, a server provides services to clients that exchange information with it.

Client-Server Overview (MDN). https://developer.mozilla.org/en-US/docs/Learn/Server-side/First_steps/Client-Server_overview.

Clients and servers communicate by exchanging two types of messages (as opposed to a stream of data). The messages sent by the client, such as a Web browser, are called requests and the messages sent by the server as an answer are called responses.

Various types of servers and clients are part of this ecosystem. A web server provides information in response to the query sent by its clients. A print server prints documents sent as queries by the client. When queried, an email server forwards email messages to the designated recipient, while a music server delivers the music requested to the client.

Networked applications do not exchange random messages. In order to ensure that the server is able to understand the queries sent by a client, and also that the client is able to understand the responses sent by the server, they must both agree on a set of syntactic and semantic rules. These rules define the format of the messages exchanged as well as their ordering. This set of rules at the application layer make up an application-level protocol.

An application-level protocol is similar to a structured conversation between humans. Assume that Alice wants to know the current time but does not have a watch. If Bob passes close by, the following conversation could take place:

Alice: Hello
Bob: Hello
Alice: What time is it?
Bob: 11:55
Alice: Thank you
Bob: You’re welcome

Request messages are sent by the client to the server to ask for a service or a resource. Response messages are sent by the server to the client to provide the requested service or resource, or to indicate an error or a status. For example, in the HTTP protocol, the client sends a GET request message to the server to ask for a web page, and the server sends a response message with the web page content or an error code. A complete document is reconstructed from the different sub-documents fetched, for instance, text, layout description, images, videos, scripts, and more.

A Web document is the composition of different resources

Source: An Overview of HTTP. https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview.

Most applications exchange strings that are composed of fixed or variable numbers of characters. A common solution to define the character strings that are acceptable is to define a grammar using a Backus-Naur Form (BNF) such as the Augmented BNF defined in RFC 5234. A BNF is a set of production rules that generate all valid character strings, and describes the rules and formats (i.e., the syntax) for exchanging messages between applications on different hosts. BNF can help to ensure that the messages are well-formed and unambiguous, and that they can be parsed and interpreted correctly by the applications. BNF can also help to document and standardize application protocols, making them easier to understand and implement by different parties. BNF is widely used to describe the syntax of many common application protocols. We will cover a few of these in this chapter.

Application Layer Protocols

Some common application layer protocols include HTTP, DNS, DHCP, FTP, SMTP, SNMP, and IMAP/POP. HTTPS, TLS, SSL, and DNSSEC are also related to application layer protocols, enabling encryption and authentication between applications on different hosts.

Hypertext Transfer Protocol (HTTP)

Hypertext Transfer Protocol (HTTP) is a text-based protocol that governs the movement of web traffic and is the foundation of any data exchange on the Web. A typical request has a method and a path, such as GET /index.html, which retrieves the landing page of a website. Responses have a response code, message, and optionally, some data.

Both requests and responses can take advantage of headers, arbitrary lines of text following the initial request or response. Because headers were designed to be open-ended, many new headers have been added over time. A modern web request/response usually has far more information in the headers than just the basics defined in HTTP 1.1.

HTTP messages, as defined in HTTP/1.1 and earlier, are human-readable. In HTTP/2, these messages are embedded into a binary structure, called a frame, allowing optimizations such as the compression of headers and multiplexing. Even if only part of the original HTTP message is sent in this version of HTTP, the semantics of each message is unchanged and the client reconstitutes (virtually) the original HTTP/1.1 request. Therefore, we find it useful to comprehend HTTP/2 messages in the HTTP/1.1 format.

Unencrypted HTTP traffic is sent over port 80 and is vulnerable to attack as all information is sent in cleartext.

When a client wants to communicate with a server, either the final server or an intermediate proxy, it performs the following steps:

  • Open a TCP connection: The TCP connection is used to send a request, or several, and receive an answer. The client may open a new connection, reuse an existing connection, or open several TCP connections to the servers.
  • Send an HTTP message: HTTP messages (before HTTP/2) are human-readable. With HTTP/2, we cannot read the messages directly, but the principle remains the same. For example:

        GET / HTTP/1.1
        Host: developer.mozilla.org
        Accept-Language: fr

  • Read the response sent by the server. Here is an example:

        HTTP/1.1 200 OK
        Date: Sat, 09 Oct 2010 14:28:02 GMT
        Server: Apache
        Last-Modified: Tue, 01 Dec 2009 20:18:22 GMT
        ETag: "51142bc1-7449-479b075b2891b"
        Accept-Ranges: bytes
        Content-Length: 29769
        Content-Type: text/html

        <!DOCTYPE html>
        … (here come the 29769 bytes of the requested web page)

  • Close or reuse the connection for further requests.

Below is the format of an example HTTP request:

A basic HTTP request

Source: An Overview of HTTP (https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview)

Requests consist of the following elements:

  • An HTTP method, usually a verb like GET or POST, or a noun like OPTIONS or HEAD. This defines the operation the client wants to perform. Typically, a client wants to fetch a resource (using GET) or post the value of an HTML form (using POST), though more operations may be needed in other cases.
  • The path of the resource to fetch, which is the URL of the resource stripped of elements that are obvious from the context, for example, the domain (developer.mozilla.org), or the TCP port (here, 80).
  • The version of the HTTP protocol.
  • Optional headers that convey additional information for the servers.
  • A body, for some methods like POST, similar to those in responses, which contain the resource.

Below is the format of an HTTP response:

HTTP Response image

An Overview of HTTP (https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview)

Responses consist of the following elements:

  • The version of the HTTP protocol they follow.
  • A status code, indicating if the request was successful or not, and why.
  • A status message, a non-authoritative short description of the status code.
  • HTTP headers, similar to those for requests.
  • Optionally, a body containing the fetched resource.
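The request and response elements listed above can be pulled apart with a short parser. The following is an added example, not code from the original chapter: it parses the chapter's sample request and a response whose body is a short constructed stand-in for the 29769-byte page, and it rejects two malformed cases (whitespace before the header colon, and a body shorter than Content-Length).

```python
CRLF = b"\r\n"


class HTTPParseError(ValueError):
    """Raised when a message does not follow the HTTP/1.1 text layout."""


def split_message(raw):
    """Return (start_line, header_lines, body_bytes) for one raw message."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise HTTPParseError("header section is not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    return lines[0], lines[1:], body


def parse_headers(lines):
    """Map lower-cased header names to the list of values seen for each."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        # No whitespace is allowed around the field name; lenient parsers that
        # accept it can disagree with strict ones about what a message means.
        if not sep or not name or name != name.strip():
            raise HTTPParseError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    return headers


def framed_body(headers, body):
    """Cut the body to Content-Length, refusing ambiguous or short bodies."""
    lengths = set(headers.get("content-length", []))
    if not lengths:
        return body
    if len(lengths) > 1:
        raise HTTPParseError("conflicting Content-Length values")
    value = lengths.pop()
    if not (value.isascii() and value.isdigit()):
        raise HTTPParseError("Content-Length is not a decimal number")
    if len(body) < int(value):
        raise HTTPParseError("body is shorter than Content-Length")
    return body[:int(value)]


def parse_request(raw):
    start, header_lines, body = split_message(raw)
    parts = start.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise HTTPParseError(f"malformed request line: {start!r}")
    headers = parse_headers(header_lines)
    return {"method": parts[0], "target": parts[1], "version": parts[2],
            "headers": headers, "body": framed_body(headers, body)}


def parse_response(raw):
    start, header_lines, body = split_message(raw)
    parts = start.split(" ", 2)
    ok = (len(parts) >= 2 and parts[0].startswith("HTTP/")
          and len(parts[1]) == 3 and parts[1].isascii() and parts[1].isdigit())
    if not ok:
        raise HTTPParseError(f"malformed status line: {start!r}")
    headers = parse_headers(header_lines)
    return {"version": parts[0], "status": int(parts[1]),
            "reason": parts[2] if len(parts) == 3 else "",
            "headers": headers, "body": framed_body(headers, body)}


# Constructed sample input: the chapter's request, and its response with a
# short stand-in body so that Content-Length matches what is actually present.
SAMPLE_BODY = b"<!DOCTYPE html>\n<title>constructed body</title>\n"
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\n"
                  b"Host: developer.mozilla.org\r\n"
                  b"Accept-Language: fr\r\n\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Date: Sat, 09 Oct 2010 14:28:02 GMT\r\n"
                   b"Server: Apache\r\n"
                   b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n"
                   b"Content-Type: text/html\r\n\r\n" + SAMPLE_BODY)

if __name__ == "__main__":
    request = parse_request(SAMPLE_REQUEST)
    response = parse_response(SAMPLE_RESPONSE)
    print(request["method"], request["target"], request["headers"]["host"])
    print(response["status"], response["reason"], len(response["body"]), "bytes")
```
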

Some standard response codes are shown below.

Hypertext Transfer Protocol Secure (HTTPS)

Hypertext Transfer Protocol Secure (HTTPS) solves the problem of unencrypted traffic by wrapping HTTP requests in TLS, which we will cover at the end of this section. HTTPS traffic uses port 443 and is typically signified in a browser with a lock icon in the upper left-hand corner. By clicking on the icon, users can learn more about the certificates being used for communication. Utilizing a robust PKI (public key infrastructure), HTTPS allows for safe HTTP communication between client and server.

The Domain Name System (DNS)

While RFC 819 discussed the possibility of organizing the names as a directed graph, the Internet opted for a tree structure to contain all names. In this tree, the top-level domains are those that are directly attached to the root. The set of top-level domain-names is managed by the Internet Corporation for Assigned Names and Numbers (ICANN), which holds ongoing discussions to increase the number of top-level domains.

Each top-level domain is managed by an organization that decides how sub-domain names can be registered. Most top-level domain names use a first-come first served (FCFS) system, and allow anyone to register domain names, but there are some exceptions. For example, .gov is reserved for the United States government, and .int is reserved for international organizations.

Watch an overview for the DNS tree structure by Barry Brown (CC-BY).

The syntax of the domain names has been defined more precisely in RFC 1035. This document recommends the following BNF for a fully qualified domain name (the domain names themselves have a much richer syntax).

This grammar specifies that a host name is an ordered list of labels separated by the dot (.) character. Each label can contain letters, numbers and the hyphen character (-). Fully qualified domain names are read from left to right. The first label is a hostname or a domain name followed by the hierarchy of domains and ending with the root implicitly at the right. The top-level domain name must be one of the registered TLDs.

The Domain Name System was created at a time when the Internet was mainly used in North America. The initial design assumed that all domain names would be composed of letters and digits (RFC 1035). As Internet usage grew in other parts of the world, it became important to support non-ASCII characters. For this, extensions have been proposed to the Domain Name System (RFC 3490). In a nutshell, the solution that is used to support Internationalized Domain Names works as follows. First, it is possible to use most of the Unicode characters to encode domain names and hostnames, with a few exceptions (for example, the dot character cannot be part of a name since it is used as a separator). Once a domain name has been encoded as a series of Unicode characters, it is then converted into a string that contains the xn-- prefix and a sequence of ASCII characters. More details on these algorithms can be found in RFC 3490 and RFC 3492.

The possibility of using all Unicode characters to create domain names opened a new form of attack called the homograph attack. This attack occurs when two character strings or domain names are visually similar but do not correspond to the same server. A simple example is https://G00GLE.COM and https://GOOGLE.COM. These two URLs are visually close but they correspond to different names (the first one does not point to a valid server). With other Unicode characters, it is possible to construct domain names that are visually equivalent to existing ones.
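A defender can screen observed domain names for this kind of look-alike. The following is an added example, not part of the original chapter: it decodes xn-- labels back to Unicode, flags labels that mix scripts, and compares a "skeleton" of each name against a watchlist. The look-alike table is a small constructed sample (Unicode publishes the full confusables data), and the watchlist and sample names are assumptions chosen for illustration.

```python
import unicodedata

# Constructed, deliberately small look-alike table (assumption of this
# example); a production check would load Unicode's confusables data.
CONFUSABLES = {
    "0": "o", "1": "l",
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def to_unicode(domain):
    """Decode any xn-- labels (Punycode, RFC 3492) back to Unicode."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def to_ascii(domain):
    """Encode non-ASCII labels as xn-- labels, the form sent in DNS queries."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)


def scripts(label):
    """Return the scripts of the letters in a label, e.g. {'LATIN'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(domain):
    """Replace known look-alike characters by the character they imitate."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def check(domain, watchlist):
    """Return a list of findings for one observed domain name."""
    name = to_unicode(domain)
    findings = []
    for label in name.split("."):
        found = scripts(label)
        if len(found) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(found)}")
    protected = {skeleton(entry): entry for entry in watchlist}
    match = protected.get(skeleton(name))
    if match is not None and name != match:
        findings.append(f"visually matches protected name {match}")
    return findings


# Constructed sample data: the chapter's G00GLE.COM example plus a name in
# which a Cyrillic letter replaces the Latin "a".
WATCHLIST = ["google.com", "example.com"]
SAMPLE_LOOKALIKE = "ex\u0430mple.com"

if __name__ == "__main__":
    for observed in ["GOOGLE.COM", "G00GLE.COM", to_ascii(SAMPLE_LOOKALIKE)]:
        print(observed, "->", check(observed, WATCHLIST) or "no findings")
```
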

DNS Resolution

How do client hosts or applications retrieve the mapping for a given name?

DNS resolution of namespaces is the process of finding the IP address of a host based on its domain name. A domain name is a human-readable name that identifies a host on a network, such as www.example.com. Each nameserver stores part of the distributed database and answers the queries sent by clients. There is at least one nameserver that is responsible for each domain. A sub-domain may contain both host names and sub-domains. A namespace is a collection of domain names that are organized in a hierarchical tree structure, such as the DNS namespace. The DNS namespace consists of different levels of domains, such as top-level domains (TLDs), second-level domains, and subdomains. Each domain has one or more name servers that store information about the hosts in that domain. For example, the name server for the .com TLD stores information about all the second-level domains that end with .com, such as example.com.

To resolve a domain name into an IP address, a client needs to query a DNS server. The DNS server can be either a recursive resolver or an authoritative server. A recursive resolver is a server that acts as an intermediary between the client and the authoritative servers. It follows a chain of referrals from the root nameserver to the TLD server to the authoritative server for the queried domain name, and returns the IP address to the client. An authoritative server is a server that hosts a zone, which is a portion of the DNS namespace. It can answer queries for any name in its zone directly, without contacting other servers.

For example, suppose a client wants to resolve www.yahoo.com into an IP address. The client sends a query to its recursive resolver, which then contacts the root nameserver for the DNS namespace. The root nameserver responds with a referral to the .com TLD server. The recursive resolver then contacts the .com TLD server, which responds with a referral to the example.com authoritative server. The recursive resolver then contacts the example.com authoritative server, which responds with the IP address of www.example.com. The recursive resolver then sends the IP address back to the client, which can then connect to the host.

DNS resolvers have several advantages over letting each Internet host directly query nameservers. Firstly, regular Internet hosts do not need to maintain the up-to-date list of the addresses of the root servers. Secondly, regular Internet hosts do not need to send queries to nameservers all over the Internet. Furthermore, as a DNS resolver serves a large number of hosts, it can cache the received answers. This allows the resolver to quickly return answers for popular DNS queries and reduces the load on all DNS servers [JSBM2002].

See how DNS resolution works, step by step, in this video by Barry Brown (CC-BY).

Benefits of Names

In addition to being more human friendly, using names instead of addresses inside applications has several important benefits. Let’s consider a popular application that provides information stored on servers. The server provides information upon requests from client processes. A first deployment of this application would be to rely only on addresses. In this case, the server process would be installed on one host and the clients would connect to this server to retrieve information. Such a deployment has several drawbacks:

  • If the server process moves to another physical server, all clients must be informed about the new server address.
  • If there are many concurrent clients, the load of the server will increase without any possibility of adding another server without changing the server addresses used by the clients.

Using names solves these problems. In addition, if the clients are configured with the name of the server, they will query the name service before contacting the server. The name service will resolve the name into the corresponding address. If a server process needs to move from one physical server to another, it suffices to update the name to address mapping on the name service to allow all clients to connect to the new server. The name service also enables the servers to better sustain the load. Assume a very popular server is accessed by millions of users. This service cannot be provided by a single physical server due to performance limitations. Thanks to the utilization of names, it is possible to scale this service by mapping a given name to a set of addresses. When a client queries the name service with the server’s name, the name service returns one of the addresses in the set. Various strategies can be used to select one particular address inside the set of addresses. A first strategy is to select a random address in the set. A second strategy is to maintain information about the load on the servers and return the address of the least loaded server. Note that the list of server addresses does not need to remain fixed. It is possible to add and remove addresses from the list to cope with load fluctuations. Another strategy is to infer the location of the client from the name request and return the address of the closest server.

Mapping a single name onto a set of addresses allows popular servers to dynamically scale. There are also benefits in mapping multiple names, possibly a large number of them, onto a single address. Consider the case of information servers run by individuals or SMEs. Some of these servers attract only a few clients per day. Using a single physical server for each of these services would be a waste of resources. A better approach is to use a single server for a set of services that are all identified by different names. This enables service providers to support a large number of server processes, identified by different names, onto a single physical server. If one of these server processes becomes very popular, it will be possible to map its name onto a set of addresses to be able to sustain the load. This can be done dynamically if needed.

Names provide a lot of flexibility compared to addresses. For the network, they play a similar role as variables in programming languages. No programmer using a high-level programming language would consider using hardcoded values instead of variables. For the same reasons, all networked applications depend on names and abstract the addresses as much as possible.

The official list of top-level domain names is maintained by IANA at http://data.iana.org/TLD/tlds-alpha-by-domain.txt. Until February 2008, the root DNS servers only had IPv4 addresses. IPv6 addresses were slowly added to the root DNS servers to avoid creating problems as discussed in http://www.icann.org/en/committees/security/sac018.pdf. As of February 2021, a few DNS root servers are still not reachable using IPv6. The full list is available at http://www.root-servers.org/.

DNS operates mostly via UDP on port 53. Although DNS is designed to be resilient and decentralized, the traffic is unfortunately not authenticated or encrypted. This has made it a target for MitM attacks. Likewise, cache hits and misses can yield information as to what names have been recently resolved (e.g., as with the Sony Rootkit). The recursive nature of DNS has also allowed for DoS attacks in the past, but much of that has been solved by limiting recursive queries to the user-facing DNS servers (i.e., the one given to you by your DHCP request).

Domain Name System Security Extensions (DNSSEC) is a suite of extension specifications designed to authenticate responses to domain name lookups. This can help prevent MitM attacks by checking the digital signature of the responding server. While this is certainly helpful, it is important to note that DNSSEC does not provide confidentiality. DNS resolutions can still be monitored by anyone who has access to the traffic.

Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is used to allow new clients on a network to obtain an IP address and information about the services provided. IPv4 addresses can be thought of as being in two groups: static addresses and dynamic addresses. Dynamic addresses are distributed by a DHCP server for a particular lease time. When the time is up, the DHCP server may distribute the address to another client. DHCP servers can also give information about proxies, domain name servers (DNSs), gateways, and more.

The DHCP protocol consists of four basic steps:

  • Discover: The host sends a broadcast message to the network, called a DHCPDISCOVER, to find a DHCP server that can offer an IP address.
  • Offer: The DHCP server responds to the host with a message, called a DHCPOFFER, that contains an IP address and other parameters, such as subnet mask, default gateway, DNS server, etc.
  • Request: The host chooses one of the offers and sends a message, called a DHCPREQUEST, to the DHCP server to request the IP address and parameters.
  • Acknowledge: The DHCP server confirms the request and sends a message, called a DHCPACK, to the host with the IP address and parameters. The host then configures its network interface with the IP address and parameters.

The DHCP protocol also allows hosts to renew or release their IP addresses, and DHCP servers to inform hosts of changes in configuration.

After the discover message, more than one server could reply with an offer message. The offer messages include IP addresses but also other options like default gateways, lease time, expiration time, etc. The client must make a decision as to which address or which information to take, and reply with a request message to the chosen server. Finally, the selected server will say, “Okay. I acknowledge your request. Here is the information. Now we start a lease time, and you are the owner of the address temporarily.” This is a DHCP acknowledgment message. The client will see the acknowledgment and will start operating.

If you place a router in the middle of the conversation, routers will not forward local broadcasts. So you must configure that router so that requests and replies can travel back and forth across that router. If you are going to configure a router as a DHCP server, then the router must support DHCP and perform all of these calls.

The process of relaying a message from a host to a remote DHCP server is shown 


DHCP Address Allocation

Providing an IP address to a client is the most important task performed by a host configuration protocol. Together with that, we receive information for the network segment, default gateway, DNS servers, domain name, TFTP servers (important in the IP telephony) and so on. To provide flexibility for configuring addresses on different types of clients, the DHCP standard includes three different address allocation mechanisms:

  • Manual Allocation: Also known as a reservation. A particular IP address is pre-allocated to a single device by an administrator. DHCP only communicates the IP address to the device. The IP address is mapped to the MAC address of the requesting device.
  • Automatic Allocation: DHCP automatically assigns an IP address permanently to a device, selecting it from the predefined pool of available addresses.
  • Dynamic Allocation: DHCP assigns an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address (for example, by executing the command “ipconfig /release” under a Windows OS).

In the case where DHCP dynamically assigns IP addresses to hosts, hosts cannot keep addresses indefinitely, as this would eventually cause the server to exhaust its address pool. At the same time, a host cannot be depended upon to give back its address, since it might have crashed, been unplugged from the network, or been turned off. This is why DHCP allows addresses to be leased for some period of time. Once the lease expires, the server is free to return that address to its pool. A host with a leased address clearly needs to renew the lease periodically if in fact it is still connected to the network and functioning correctly.

DHCP illustrates an important aspect of the scaling of network management. While discussions of scaling often focus on keeping the state in network devices from growing too fast, it is important to pay attention to the growth of network management complexity. By allowing network managers to configure a range of IP addresses per network rather than one IP address per host, DHCP improves the manageability of a network.

Note that DHCP may also introduce some more complexity into network management, since it makes the binding between physical hosts and IP addresses much more dynamic. This may make the network manager’s job more difficult if, for example, it becomes necessary to locate a malfunctioning host.

From a security standpoint, someone impersonating a DHCP server can wreak havoc on a network. These rogue DHCP servers can cause traffic to be redirected to initiate MitM attacks or cause DoS attacks. DHCP relies on broadcast Address Resolution Protocol (ARP) messages and does not make use of authentication, meaning that once an attacker is on the same Ethernet segment as the victim machines, all bets are off.
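Because offers are unauthenticated, one practical check is to watch for DHCPOFFER or DHCPACK messages whose server identifier is not on the list of known servers. The following is an added example, not part of the original chapter: it parses the DHCP message layout (fixed 236-byte header, magic cookie, then options) and reports replies from unlisted servers together with the gateway and DNS server they hand out. The packets, addresses and allowlist are constructed sample data.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 6, 53, 54
OPT_PAD, OPT_END = 0, 255


def build_message(msg_type, xid, yiaddr="0.0.0.0", ip_options=None):
    """Construct a minimal DHCP message; used here only to make sample input."""
    op = 2 if msg_type in (2, 5) else 1   # 1 = sent by client, 2 = by server
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0x8000,
        bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
        bytes.fromhex("020000000001"), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, address in (ip_options or {}).items():
        options += bytes([code, 4]) + socket.inet_aton(address)
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def first_ip(options, code):
    """Return the first IPv4 address carried in an option, or None."""
    value = options.get(code, b"")
    return socket.inet_ntoa(value[:4]) if len(value) >= 4 else None


def parse_message(packet):
    """Parse the fields of a DHCP message that matter for this check."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    type_value = options.get(OPT_MSG_TYPE, b"")
    return {
        "xid": struct.unpack("!I", packet[4:8])[0],
        "type": MESSAGE_TYPES.get(type_value[0]) if len(type_value) == 1 else None,
        "offered_ip": socket.inet_ntoa(packet[16:20]),   # yiaddr field
        "server_id": first_ip(options, OPT_SERVER_ID),
        "router": first_ip(options, OPT_ROUTER),
        "dns": first_ip(options, OPT_DNS),
    }


def find_rogue_offers(packets, authorized_servers):
    """Return server replies whose server identifier is not authorized."""
    alerts = []
    for packet in packets:
        message = parse_message(packet)
        if message["type"] not in ("OFFER", "ACK"):
            continue
        if message["server_id"] not in authorized_servers:
            alerts.append(message)
    return alerts


# Constructed capture: one DISCOVER answered by two servers. Addresses come
# from the 192.0.2.0/24 documentation range.
AUTHORIZED = {"192.0.2.1"}
SAMPLE_CAPTURE = [
    build_message(1, 0x1234),
    build_message(2, 0x1234, "192.0.2.100",
                  {OPT_SERVER_ID: "192.0.2.1", OPT_ROUTER: "192.0.2.1",
                   OPT_DNS: "192.0.2.53"}),
    build_message(2, 0x1234, "192.0.2.150",
                  {OPT_SERVER_ID: "192.0.2.66", OPT_ROUTER: "192.0.2.66",
                   OPT_DNS: "192.0.2.66"}),
]

if __name__ == "__main__":
    for alert in find_rogue_offers(SAMPLE_CAPTURE, AUTHORIZED):
        print("unauthorized DHCP reply:", alert)
```
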

Remote Desktop Protocol (RDP) is built into Windows and is typically used to control a machine remotely. It works over port 3389 via TCP or UDP. While RDP can be quite useful for performing remote administration on a remote machine, it can also be a large security hole if a bad actor gains access. RDP use in ransomware attacks is on the rise as ransomware programs may use RDP to find other machines to attack.

Telnet is an antiquated remote administration tool that gives access to a shell via a cleartext channel. Telnet runs on port 23 and while still occasionally in use, it should largely be phased out. You will still find telnet in embedded applications and legacy systems. You may also see the client being used to inspect other types of traffic. For example, you can use a telnet client to submit HTTP requests or send email via SMTP.

Lightweight Directory Access Protocol (LDAP) is used for accessing and maintaining directory information services. Its primary use is with Windows Active Directory (AD), where it can be used to obtain information regarding users and resources from an AD server. Clients can authenticate through the server and obtain privileges to read or read/write certain entries. LDAP did not originally support encryption, until LDAP over SSL (LDAPS) was developed. LDAP uses TCP and UDP over port 389 and LDAPS uses TCP over port 636.

Internet Message Access Protocol (IMAP) and Post Office Protocol 3 (POP3) are two protocols used to retrieve email from a server. IMAP is the more recent protocol, and supports saving mail on the server and folders. POP3 is more primitive, supporting only the retrieval (and subsequent deletion from the server) of emails. Both protocols use cleartext and are now commonly run over TLS. POP3 defaults to TCP port 110 or 995 if using TLS. IMAP defaults to TCP port 143 or 993 if using TLS. In the age of webmail, it is easy to forget about these protocols, but a security specialist must keep them in mind as they may still be used in support of corporate devices.

Simple Mail Transfer Protocol (SMTP) is used for sending/forwarding email. As it states, it is a simple protocol consisting of lines of text. Basic SMTP used TCP on port 25. SMTP was later expanded to support authentication and finally wrapped in TLS still using TCP on port 587. SMTP servers accept outgoing mail from (hopefully) authenticated clients, route mail to other SMTP servers based on the Mail Exchange (MX) information in DNS records, and accept mail for their domain from other SMTP servers. Various checks have been implemented in SMTP servers to ensure that messages from domains actually come from those domains. This is largely used to combat spam, which continues to be a problem.

Network Time Protocol (NTP) uses UDP over port 123 to sync the system time with a time server. NTP servers are layered in stratums, with the lowest stratums being closest to the most accurate sources of time, atomic clocks, GPS, etc. NTP is important as many protocols, including several key exchanges, require system clocks to be in sync. System clocks are also used to check when certificates expire and used in logs to indicate when something happened. Without an accurate, synchronized system clock, many things will fail in surprising ways.

File Transfer Protocol (FTP) is a relatively simple, text-based protocol for sending files between machines. FTP uses TCP on port 21 and traditionally establishes two channels: one for protocol messages, and one binary channel for data. The interesting thing about this setup is that the FTP server would initiate the connection of the data channel from server to client, meaning that in many NAT situations where the client couldn’t be easily reached behind a firewall, it would fail. The solution to this problem was passive FTP, which uses one channel established by the client.

Despite this initial shortcoming, FTP has proven to be incredibly popular and is still used in many corporate environments. You may see FTP being used to transmit bulk data for import to systems or used to update firmware in embedded systems. You can use FTP with a command-line ftp client, a graphical client such as Filezilla or SecureFX, or even in most web browsers with the ftp:// URL scheme.

Unfortunately, FTP does not support authentication systems other than passwords and the passwords are sent in plaintext. As such Secure FTP (SFTP) is recommended. SFTP uses an SSH connection to send and receive files over an encrypted channel. SFTP also supports all SSH authentication methods.

Simple Network Management Protocol (SNMP) is used for gathering information about the workings of a network. It is broken into two groups: clients using UDP port 161 (TLS 10161) and a manager using UDP port 162 (TLS 10162). The manager collects messages from the clients regarding the operations of the network and uses this information to take actions as necessary. SNMP can be used to pass information about the temperature of a machine, how many current connections, real-time channel capacity utilization, etc. SNMP is currently up to version 3, which is encrypted and requires authentication. This is particularly important because SNMP is a very powerful protocol that could exchange potentially valuable information to an attacker. Access to SNMP should be limited and its usage on a network should be monitored.

Secure Shell (SSH) is the most widely deployed remote administration tool. SSH provides access to a shell via an encrypted connection. SSH supports many options including SOCKS5 proxies, port forwarding, and the usage of multiple authentication schemes: password, key, hardware device, etc. SSH uses TCP on port 22.

The Transport Layer Security (TLS) family of protocols was initially proposed under the name Secure Socket Layer (SSL). The first deployments used this name and many researchers still refer to this security protocol as SSL [FKC1996]. In this chapter, we use the official name that was standardized by the IETF: TLS, for Transport Layer Security. TLS allows cleartext protocols used on the web to be encrypted. It is a general purpose protocol, designed as a layer through which other protocols communicate. The TLS protocol was designed to be usable by a wide range of applications that use the transport layer to reliably exchange information.

TLS is mainly used over the TCP protocol. TLS is responsible for the encryption and the authentication of the SDUs exchanged by the application layer protocol, while TCP provides the reliable delivery of this encrypted and authenticated bytestream. TLS is used by many different application layer protocols. The most frequent ones are HTTP (HTTP over TLS is called HTTPS), SMTP (RFC 3207), or POP and IMAP (RFC 2595), but proprietary application-layer protocols also use TLS [AM2019]. There are also variants of TLS that operate over SCTP (RFC 3436) or UDP (RFC 6347), but these are outside the scope of this chapter.

TLS 1.3 is the most current version, but not all websites support it. TLS 1.2 is still considered safe if best practices are followed, and TLS 1.1 or lower is considered deprecated.

A TLS session can be initiated in two different ways. First, the application can use a dedicated TCP port number for application layer protocol x-over-TLS. This is the solution used by many HTTP servers that reserve port 443 for HTTP over TLS. This solution works, but it requires reserving two ports for each application: one where the application-layer protocol is used directly over TCP and another one where the application-layer protocol is used over TLS. Given the limited number of TCP ports that are available, this is not a scalable solution. The table below provides some of the reserved port numbers for application layer protocols on top of TLS.

A second approach to initiate a TLS session is to use the standard TCP port number for the application layer protocol and define a special message in this protocol to trigger the start of the TLS session. This is the solution used for SMTP with the STARTTLS message. This extension to SMTP (RFC 3207) defines the new STARTTLS command. The client can issue this command to indicate to the server that it wants to start a TLS session as shown in the example below captured during a session on port 25.
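An added example (not the capture from the original chapter): the Python function below reads a port-25 transcript and reports whether STARTTLS was advertised, requested and accepted, and which commands crossed the wire before any upgrade. Both sample sessions, the host names and the function name are constructed for illustration.

```python
# Constructed sample sessions on port 25 ("C" = client line, "S" = server line).
SESSION_UPGRADED = [
    ("S", "220 mail.example.org ESMTP"),
    ("C", "EHLO client.example.net"),
    ("S", "250-mail.example.org"),
    ("S", "250-SIZE 10240000"),
    ("S", "250-STARTTLS"),
    ("S", "250 8BITMIME"),
    ("C", "STARTTLS"),
    ("S", "220 2.0.0 Ready to start TLS"),
]
SESSION_CLEARTEXT = [
    ("S", "220 mail.example.org ESMTP"),
    ("C", "EHLO client.example.net"),
    ("S", "250-mail.example.org"),
    ("S", "250 8BITMIME"),  # STARTTLS is not advertised
    ("C", "MAIL FROM:<alice@example.net>"),
    ("S", "250 2.1.0 Ok"),
    ("C", "RCPT TO:<bob@example.org>"),
    ("S", "250 2.1.5 Ok"),
]

# Commands that expose credentials or mail metadata when sent without TLS.
SENSITIVE = {"AUTH", "MAIL", "RCPT", "DATA"}


def check_starttls(transcript):
    """Summarise how far the STARTTLS upgrade got in an SMTP transcript."""
    result = {"offered": False, "requested": False,
              "upgraded": False, "cleartext_commands": []}
    awaiting_reply = False
    for side, line in transcript:
        if side == "S":
            code, text = line[:3], line[4:].strip()
            keyword = text.split()[0].upper() if text else ""
            # The server advertises the extension in its EHLO response.
            if code == "250" and keyword == "STARTTLS":
                result["offered"] = True
            if awaiting_reply:
                awaiting_reply = False
                if code == "220":
                    # Everything after this reply is TLS records, not SMTP text.
                    result["upgraded"] = True
                    break
        else:
            words = line.split()
            verb = words[0].upper() if words else ""
            if verb == "STARTTLS":
                result["requested"] = True
                awaiting_reply = True
            elif verb in SENSITIVE:
                result["cleartext_commands"].append(verb)
    return result
```

A session where `offered` is false but `cleartext_commands` is non-empty is the case worth alerting on: the mail went out unencrypted because the upgrade was never available to the client.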

For the remainder of this chapter, we assume that the TLS session starts immediately after the establishment of the TCP connection. This corresponds to the deployments on web servers. We focus our presentation of TLS on this very popular use case. TLS is a complex protocol that supports other features than the one used by web servers. A more detailed presentation of TLS may be found in [KPS2002] and [Ristic2015].

A TLS session is divided into two phases: the handshake and the data transfer. During the handshake, the client and the server negotiate the security parameters and the keys that will be used to secure the data transfer. During the second phase, all the messages exchanged are encrypted and authenticated with the negotiated algorithms and keys.

The TLS Handshake

TLS uses a handshake process to establish a secure session between the server and the browser. During a session, the server and client exchange messages that contain information such as the supported TLS versions, cipher suites, random numbers, certificates, and keys. The basic process is outlined below.

  • The browser starts the handshake by sending a message to the server with its preferences and a random number. This random number is called a nonce, which means it is only used once in this communication. A nonce helps to prevent replay attacks, where an attacker could reuse old messages to impersonate the browser or the server.
  • The server replies with its choices and another random number. The server also sends its certificate, which proves its identity and contains its public key.
  • The browser checks the validity of the server’s certificate and generates a secret key, which it encrypts with the server’s public key. The browser also sends a message that verifies the integrity of the previous messages. The server decrypts the secret key with its private key, and both parties use it to create more keys for encryption and authentication.
  • The browser and the server exchange messages to confirm that they have the same keys, and that they are ready to encrypt their communication. This is called the Finished message.
  • The browser and the server can now exchange application data, such as HTTP requests and responses, using symmetric encryption and authentication with the keys they have generated.

The TLS four-way handshake is illustrated in the figure below.

https://en.m.wikipedia.org/wiki/File:Full_TLS_1.2_Handshake.svg

Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) is an important property for key exchange protocols. A protocol provides PFS if its design guarantees that the keys used for former sessions will not be compromised even if the private key of the server is compromised. Recent implementations of TLS prefer ECDHE_RSA or ECDHE_ECDSA encryption when Perfect Forward Secrecy is required.

Two important messages will be sent by the client and the server to conclude the handshake and start the data transfer phase.

The client sends the ChangeCipherSpec message followed by the Finished message. The ChangeCipherSpec message indicates that the client has received all the information required to generate the security keys for this TLS session. This message can also appear later in the session to indicate a change in the encryption algorithms that are used. The Finished message is more important. It confirms to the server that the TLS handshake has been performed correctly and that no attacker has been able to modify the data sent by the client or the server. This is the first message that is encrypted with the selected security keys. It contains a hash of all the messages that were exchanged during the handshake.

The server also sends a ChangeCipherSpec message followed by a Finished message.

TLS Cipher Suites

A TLS cipher suite is usually represented as an ASCII string that starts with TLS and contains the acronym of the key exchange algorithm, the encryption scheme with the key size and its mode of operation, and the authentication algorithm. For example, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is a TLS cipher suite that uses the DHE_RSA key exchange algorithm with 128-bit AES in GCM mode for encryption and SHA-256 for authentication. The official list of TLS cipher suites is maintained by IANA. The NULL acronym indicates that no algorithm has been specified. For example, TLS_ECDH_RSA_WITH_NULL_SHA is a cipher suite that does not use any encryption but still uses the ECDH_RSA key exchange and SHA for authentication.
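The naming scheme above, together with the Perfect Forward Secrecy property from the previous section, is enough to audit a server's configured suites by name. The following Python sketch is an added example, not code from the original text; the function names and the set of ephemeral key exchanges it checks against are choices made for this illustration.

```python
from typing import NamedTuple, Optional

# Ephemeral (EC)DHE exchanges: session keys do not depend on the server's
# long-term private key, so these provide Perfect Forward Secrecy.
EPHEMERAL_KEX = {"DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA"}
KNOWN_MODES = {"CBC", "GCM", "CCM", "POLY1305"}


class Suite(NamedTuple):
    key_exchange: Optional[str]  # None for TLS 1.3 names, which omit it
    cipher: str
    key_bits: Optional[int]
    mode: Optional[str]
    auth_hash: str


def parse_suite(name):
    """Split a cipher suite name into the parts described in the text."""
    if not name.startswith("TLS_"):
        raise ValueError("not a TLS cipher suite name: %r" % name)
    body = name[len("TLS_"):]
    if "_WITH_" in body:
        kex, rest = body.split("_WITH_", 1)
    else:
        # TLS 1.3 style, e.g. TLS_AES_128_GCM_SHA256: no key exchange part.
        kex, rest = None, body
    tokens = rest.split("_")
    if len(tokens) < 2:
        raise ValueError("cannot find cipher and hash in %r" % name)
    auth_hash = tokens.pop()
    # The key size, when present, separates the cipher from its mode.
    size_at = next((i for i, t in enumerate(tokens) if t.isdigit()), None)
    if size_at is not None:
        cipher = "_".join(tokens[:size_at])
        bits = int(tokens[size_at])
        mode = "_".join(tokens[size_at + 1:]) or None
    elif len(tokens) > 1 and tokens[-1] in KNOWN_MODES:
        cipher, bits, mode = "_".join(tokens[:-1]), None, tokens[-1]
    else:
        cipher, bits, mode = "_".join(tokens), None, None
    return Suite(kex, cipher, bits, mode, auth_hash)


def audit(name):
    """Return the weaknesses that are visible from the suite name alone."""
    suite = parse_suite(name)
    findings = []
    if suite.cipher == "NULL":
        findings.append("no encryption")
    # TLS 1.3 suites (key_exchange is None) always use an ephemeral exchange.
    if suite.key_exchange is not None and suite.key_exchange not in EPHEMERAL_KEX:
        findings.append("no forward secrecy")
    return findings
```

Running `audit` over the two suites named in the text returns no findings for TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and both findings for TLS_ECDH_RSA_WITH_NULL_SHA.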

The TLS Record

After the handshake is completed, the client and the server will exchange authenticated and encrypted records. TLS defines different formats for the records depending on the cryptographic algorithms that have been negotiated for the session. A detailed discussion of these different types of records is outside the scope of this introduction. For illustration, we briefly describe one record format.

Like other security protocols, TLS uses different keys to encrypt and authenticate records. These keys are derived from the MasterSecret that is either randomly generated by the client after the RSA key exchange or derived from the Diffie Hellman parameters after the DH_RSA key exchange. The exact algorithm used to derive the keys is defined in RFC 5246.

A TLS record is composed of four different fields:

  • Type: The most frequent type is application data, which corresponds to a record containing encrypted data. The other types are handshake, change_cipher_spec and alert.
  • Protocol Version: This version is composed of two sub-fields: a major and a minor version number.
  • Length: A TLS record cannot be longer than 16,384 bytes.
  • TLSPlainText: This contains the encrypted data.

TLS supports several methods to encrypt records. The selected method depends on the cryptographic algorithms that have been negotiated for the TLS session. A detailed presentation of the different methods that can be used to produce the TLSPlainText from the user data is outside the scope of this text.
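The four fields listed above map onto a five-byte header followed by the payload, which is all a monitoring tool needs to split a captured TCP stream into records without decrypting anything. The parser below is an added Python example, not code from the original text; the byte stream is constructed, and the 2,048-byte allowance mentioned in the comment is the extra room RFC 5246 gives protected records.

```python
import struct
from typing import NamedTuple, Tuple

CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
MAX_PLAINTEXT = 16384  # limit stated in the text (2**14 bytes)


class Record(NamedTuple):
    content_type: str
    version: Tuple[int, int]  # (major, minor), e.g. (3, 3) for TLS 1.2
    payload: bytes


def parse_records(stream, max_len=MAX_PLAINTEXT):
    """Split a byte stream into TLS records.

    Returns (records, leftover), where leftover holds the bytes of a record
    that has not fully arrived yet. Pass max_len=MAX_PLAINTEXT + 2048 when
    parsing protected records, which RFC 5246 allows to grow by that much.
    """
    records, pos = [], 0
    while len(stream) - pos >= 5:
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES:
            raise ValueError("unknown record type %d at offset %d" % (ctype, pos))
        if major != 3:
            # SSL 3.0 and every TLS version put 3 in the major version byte.
            raise ValueError("unexpected major version %d at offset %d" % (major, pos))
        if length > max_len:
            raise ValueError("record length %d exceeds %d" % (length, max_len))
        if len(stream) - pos - 5 < length:
            break  # payload incomplete: wait for more bytes
        start = pos + 5
        records.append(Record(CONTENT_TYPES[ctype], (major, minor),
                              stream[start:start + length]))
        pos = start + length
    return records, stream[pos:]


# Constructed sample stream: three complete records and one cut short.
SAMPLE_STREAM = (
    bytes([22, 3, 3, 0, 4]) + b"\x01\x00\x00\x00"  # handshake
    + bytes([20, 3, 3, 0, 1]) + b"\x01"            # change_cipher_spec
    + bytes([23, 3, 3, 0, 5]) + b"\xaa" * 5        # application data (opaque)
    + bytes([23, 3, 3, 0, 16]) + b"\xbb" * 3       # only 3 of 16 bytes present
)
```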

Improving TLS

In 2014, the IETF TLS working group began to develop version 1.3 of the TLS protocol. Their main objectives [Rescorla2015] for this new version were as follows.

  • Simplify the design by removing unused or unsafe protocol features.
  • Improve the security of TLS by leveraging the lessons learned from TLS 1.2 and documented attacks.
  • Improve the privacy of the protocol.
  • Reduce the latency of TLS.

Since 2014, latency has become an important concern for the performance of web services. With TLS 1.2, the download of a web page requires a minimum of four round-trip-times, one to create the underlying TCP connection, one to exchange the ClientHello/ServerHello, one to exchange the keys and then one to send the HTTP GET and retrieve the response. This can be very long when the server is not near the client. TLS 1.3 aimed at reducing this handshake to one round-trip-time and even zero by placing some of the cryptographic handshake in the TCP handshake.

To simplify both the design and the implementations, TLS 1.3 uses only a small number of cipher suites. Five of them are specified in RFC 8446 and TLS_AES_128_GCM_SHA256 must be supported by all implementations. To ensure privacy, all cipher suites that did not provide Perfect Forward Secrecy have been removed. Compression has also been removed from TLS since several attacks on TLS 1.2 exploited its compression capability (RFC 7457).

By supporting only cipher suites that provide Perfect Forward Secrecy in TLS 1.3, the IETF aims at protecting the privacy of users against a wide range of attacks. However, this choice has resulted in intense debates in some enterprises, notably financial organizations that have deployed TLS but wish to be able to decrypt TLS traffic for various security-related activities. These enterprises tried to lobby within the IETF to maintain RSA-based cipher suites that do not provide Perfect Forward Secrecy. Their arguments did not convince the IETF. Eventually, these enterprises moved to ETSI, another standardization body, and convinced the IETF to adopt enterprise TLS, a variant of TLS 1.3 that does not provide Perfect Forward Secrecy [eTLS2018].

There are many more differences between TLS 1.2 and TLS 1.3. Additional details may be found in their respective specifications, RFC 5246 and RFC 8446.

The sections above are adapted from Computer Systems Security: Planning for Success by Ryan Tolboom, which is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.

An architecture for computing that enables the separation of functions between front-end data entry and display (client) and back-end request processing (server) in order to bolster the productivity and efficiency of each. This form of distributed computing aims to spread the workload between two devices connected via a network. A smartphone or computer web browser communicating with a Google web server to return results for a query requesting "what is client-server computing" is an example of the client-server architecture in action.

Sulyman, Shakirat. (2014). Client-Server Model. IOSR Journal of Computer Engineering. 16. 57-71. 10.9790/0661-16195771.

Refers to information that is not encrypted, and is not expected to be encrypted. An important distinction between cleartext and plaintext is that cleartext is not encrypted at any stage. This is why HTTP traffic sent over port 80 is considered vulnerable.

“What is Cleartext? | Security Encyclopedia.” [Online]. Available: https://www.hypr.com/security-encyclopedia/cleartext. Accessed: Oct. 10, 2023.

The server’s way of responding to the client. The code response is a three-digit integer. The first integer defines the type of response, and the last two are the role of the response. Examples of first value codes are 1xx informational, 2xx success, 3xx redirection, 4xx client error, and 5xx server error.

“A Complete Guide and List of HTTP Status Codes.” Kinsta®, 24 Feb. 2020, https://kinsta.com/blog/http-status-codes/. Accessed 9 Oct. 2023.

Converts domain names into IP addresses, which allow browsers to get to websites and other Internet resources. Every device on the internet has an IP address, which other devices can use to locate the device. Instead of memorizing a long list of IP addresses, people can simply enter the name of the website, and the DNS gets the IP address for them.

“What is domain name system (DNS)?,” Fortinet, https://www.fortinet.com/resources/cyberglossary/what-is-dns. Accessed Oct. 2, 2023.

An attack leveraged by mistyping or mistakenly entering a domain name that looks the same, but is missing a letter or contains some other mistake. This attack occurs when an error in the domain name leads to a different website than expected, one that may have malicious intent and relies on a look-alike domain name.

Umawing, Jovi. “Out of Character: Homograph Attacks Explained | Malwarebytes Labs.” Malwarebytes, 6 Oct. 2017, www.malwarebytes.com/blog/news/2017/10/out-of-character-homograph-attacks-explained. Accessed 10 Oct. 2023.

With a load fluctuation, the load refers to the amount of traffic or activity received by a server. Fluctuations in the amount of data flowing into and out of a server can cause service issues. Often, the term load balancing will be used to address load fluctuation issues, which consists of adding additional servers to a domain.

Tadić, Bosiljka. “Cyclical Trends of Network Load Fluctuations in Traffic Jamming.” Dynamics, vol. 2, no. 4, Dec. 2022, pp. 449–61. DOI.org (Crossref), https://doi.org/10.3390/dynamics2040026.

A protocol on the application level that allows for the modification and access to emails on a server. IMAP allows for access to the email without download, keeping the email on the server, and preventing potentially compromising downloads.

Glossary — Computer Networking : Principles, Protocols and Practice. https://beta.computer-networking.info/syllabus/default/glossary.html. Accessed 10 Oct. 2023.

A group of protocols that provide authentication and encryption for communication between a client and web server. TLS is commonly implemented on the server side to conduct the authentication. Most ecommerce websites use TLS to help protect financial or transactional information that is sent between the client and server.

Regenscheid, Andrew, and Geoff Beier. Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters. NIST Internal or Interagency Report (NISTIR) 7711, National Institute of Standards and Technology, 15 Sept. 2011. csrc.nist.gov, https://doi.org/10.6028/NIST.IR.7711. Accessed 16 Oct 2023.

Telecommunications and Networking Copyright © by Rita Mitra; Glenn Brown; Melanie Huffman; and Hongyi Zhu is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.
