When engineers designed the first computer networks in the 1960s and 70s, every manufacturer built proprietary systems that couldn’t talk to each other. The solution was to create reference models — abstract frameworks that define how networking should work in layers, so that each layer can be developed and replaced independently.
Two models dominate the field: the OSI model (a theoretical reference) and the TCP/IP model (the practical foundation of the Internet). Understanding both is essential for every network programmer, because they provide the vocabulary and mental framework you’ll use for the rest of this book — and your career.
The Open Systems Interconnection (OSI) model was developed by the International Organization for Standardization (ISO) in 1984. It divides network communication into seven layers, each with a distinct responsibility.
| Layer | Name | Function | Example Protocols | PDU |
|---|---|---|---|---|
| 7 | Application | User-facing services and APIs | HTTP, FTP, SMTP, DNS | Data |
| 6 | Presentation | Data encoding, encryption, compression | TLS/SSL, JPEG, ASCII | Data |
| 5 | Session | Session management and synchronization | NetBIOS, RPC | Data |
| 4 | Transport | End-to-end delivery, reliability, flow control | TCP, UDP | Segment / Datagram |
| 3 | Network | Logical addressing and routing | IP, ICMP, OSPF | Packet |
| 2 | Data Link | Physical addressing, framing, error detection | Ethernet, Wi-Fi (802.11) | Frame |
| 1 | Physical | Bit transmission over physical media | Cables, radio, fiber optics | Bits |
When you send a message, it travels down the stack on the sender’s side and up the stack on the receiver’s side. At each layer going down, the data is wrapped in a new header (and sometimes a trailer) — a process called encapsulation.
Application Data
↓ encapsulate
[Transport Header] + Application Data → Segment
↓ encapsulate
[Network Header] + Segment → Packet
↓ encapsulate
[Data Link Header] + Packet + [Trailer] → Frame
↓ encapsulate
Physical bits on the wire → Bits
On the receiving side, each layer strips off its header (decapsulation) and passes the payload up to the next layer.
The application layer is where users and software interact with the network. Protocols here define how applications exchange data: HTTP for web pages, SMTP for email, DNS for name resolution, FTP for file transfers. When you write a Python program that makes an HTTP request, you’re operating at Layer 7.
The presentation layer handles data format translation. It ensures that data sent by one application can be read by another, regardless of internal representation. This includes character encoding (ASCII, UTF-8), data compression, and encryption. In practice, TLS encryption is often cited as a Layer 6 function, though it spans multiple layers.
The session layer manages dialogues between applications. It establishes, maintains, and terminates sessions — logical connections that persist across multiple request-response exchanges. In modern networking, session management is typically handled within the application layer (e.g., HTTP cookies, WebSocket connections), so Layer 5 is less distinct in practice.
The transport layer provides end-to-end communication between processes on different hosts. The two dominant protocols are:
TCP uses a three-way handshake (SYN → SYN-ACK → ACK) to establish connections. UDP simply sends datagrams without setup. Your choice between TCP and UDP fundamentally shapes your application’s behavior.
The network layer handles logical addressing (IP addresses) and routing — determining the best path for packets to travel from source to destination across multiple networks. The Internet Protocol (IP) is the cornerstone of this layer. ICMP (used by ping and traceroute) also operates here.
The data link layer manages communication between devices on the same physical network segment. It uses MAC addresses (hardware addresses burned into network interface cards) to identify devices locally. Ethernet is the dominant Layer 2 protocol for wired networks; Wi-Fi (802.11) serves wireless networks.
This layer also handles error detection using checksums (like CRC) and flow control on the local link.
The physical layer deals with the actual transmission of raw bits over a physical medium — copper cables, fiber optics, or radio waves. It defines electrical voltages, signal timing, cable specifications, and connector types. As a programmer, you rarely interact with Layer 1 directly, but understanding it helps when diagnosing hardware-level issues.
While the OSI model is the theoretical gold standard, the TCP/IP model (also called the Internet model or DoD model) is what the Internet actually runs on. It was developed alongside the ARPANET in the 1970s and consolidated into four layers.
| TCP/IP Layer | OSI Equivalent | Key Protocols |
|---|---|---|
| Application | Layers 5–7 | HTTP, DNS, SMTP, FTP, SSH, TLS |
| Transport | Layer 4 | TCP, UDP |
| Internet | Layer 3 | IP (v4/v6), ICMP, ARP* |
| Network Access | Layers 1–2 | Ethernet, Wi-Fi, PPP |
Note: ARP’s placement is debated — it bridges Layer 2 and Layer 3.
The TCP/IP model is more pragmatic than the OSI model. It merges the top three OSI layers into a single Application layer (since most protocols span those boundaries anyway) and combines the bottom two into Network Access.
When you write a Python program that opens a TCP connection, here’s what happens at each TCP/IP layer:
socket.connect() and sends data via socket.send()Each layer wraps data in its own Protocol Data Unit (PDU). Using the correct PDU terminology helps when reading documentation and debugging:
| Layer | PDU Name | Contains |
|---|---|---|
| Application | Message / Data | Application payload |
| Transport | Segment (TCP) / Datagram (UDP) | Port numbers, sequence numbers, payload |
| Network | Packet | IP addresses, TTL, payload |
| Data Link | Frame | MAC addresses, CRC, payload |
| Physical | Bits | Raw binary signals |
Let’s trace an HTTP request through the full encapsulation process:
1. Application: "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
2. Transport: [TCP Header: src_port=52431, dst_port=80, seq=1, ack=0, flags=PSH+ACK]
+ HTTP data
3. Network: [IP Header: src=192.168.1.42, dst=93.184.216.34, TTL=64, proto=TCP]
+ TCP segment
4. Data Link: [Eth Header: src_mac=aa:bb:cc:dd:ee:ff, dst_mac=00:11:22:33:44:55, type=0x0800]
+ IP packet
+ [CRC Trailer]
5. Physical: 0100111010110001... (electrical signals on copper / light pulses in fiber)
Each layer only reads its own header. A router (Layer 3 device) strips the frame header, reads the IP header to make routing decisions, then re-encapsulates the packet in a new frame for the next hop.
In practice, network professionals mix terminology from both models:
The OSI model is your conceptual map; the TCP/IP model is the territory you’ll actually program.
You can observe the layers in action using standard Linux tools:
# Layer 2 — View your MAC addresses and interfaces
ip link show
# Layer 3 — View your IP addresses
ip addr show
# Layer 3 — View the routing table
ip route show
# Layer 4 — View active TCP/UDP connections
ss -tuln
# Layer 7 — Make an HTTP request and see headers
curl -v http://example.com 2>&1 | head -30
We’ll explore all of these tools in depth throughout the book.
| ← Previous: Introduction | Table of Contents | Next: IP Addressing and IPv6 → |