OSI & TCP/IP Without Confusion

Real-world analogy

What is it?

The OSI and TCP/IP models are mental maps for diagnosing networking issues by isolating the failing layer. They don’t change what happens on the wire; they change how clearly you can think under pressure.

Real-world relevance

A user says ‘I can’t open the portal.’ Ping IP works (L3 OK). DNS resolves (L7 partial). HTTPS connection drops mid-handshake (L6/L4 TLS). Turns out a new firewall rule blocks outbound 443 to that subnet. You narrowed it from ‘app broken’ to ‘firewall policy’ in 2 minutes.

Key points

• OSI in 7 sentences — Layer 1 Physical: cables, radio, pins. Layer 2 Data Link: MAC, switches, VLAN. Layer 3 Network: IP, routers, subnets. Layer 4 Transport: TCP/UDP, ports. Layer 5 Session: connections state. Layer 6 Presentation: encoding/encryption. Layer 7 Application: HTTP, DNS, SMTP.
• TCP/IP in 4 layers — Link (L1+L2) → Internet (L3, IP/ICMP) → Transport (L4, TCP/UDP) → Application (L5-7). TCP/IP is the practical model; OSI is the teaching model. Both are valid; don’t argue.
• The practical shortcut — For most tickets: think physical → network (IP/route) → transport (ports/firewall) → application. If you can draw this in your head, you can diagnose almost anything calmly.
• TCP vs UDP — TCP: reliable, connection-oriented, handshakes, ordered. UDP: fast, connectionless, no guarantees. Email, HTTP(S), SSH → TCP. DNS queries, VoIP media, many game streams → UDP.
• Ports tell you the service — 80 HTTP, 443 HTTPS, 53 DNS, 22 SSH, 25 SMTP, 3389 RDP, 445 SMB, 88 Kerberos, 389 LDAP, 123 NTP. Juniors should know the top 20 cold.
• Encapsulation & decapsulation — Each layer wraps data with its own header as it leaves your machine and unwraps on the way in. A packet capture literally shows this. Knowing this makes Wireshark instantly less scary.
• MTU, MSS, fragmentation — When a packet is too big for a link, it gets fragmented. Misconfigured MTU/MSS causes weird ‘VPN connects but apps fail’ issues. Mostly you won’t fix this — you’ll escalate — but know the name.
• How to say the magic sentence — Instead of ‘it doesn’t work,’ say ‘I can reach layer X but not layer Y — here’s my test.’ That single style upgrade promotes you in interviewers’ minds.

Code example

// Layered triage cheat-script

Physical / Link (L1/L2)
  - Cable/Wi-Fi connected? Link light?
  - Correct VLAN? Correct SSID?

Network (L3)
  - IP sane? ipconfig /all
  - Gateway reachable? ping <gw>
  - Remote reachable? ping <ip>
  - Route sane? route print / tracert

Transport (L4)
  - Port open? Test-NetConnection host -Port 443
  - TCP handshake? (SYN -> SYN/ACK -> ACK)
  - Firewall? ACL?

Application (L5-7)
  - DNS resolving? nslookup / Resolve-DnsName
  - HTTP/HTTPS error? curl -I https://host/
  - Certificate / TLS handshake OK?

Speak in layers:
  "I can ping by IP (L3) but HTTPS fails (L6/L7)."
  "SMB works internally; Kerberos TGT fails (L7 auth)."

Line-by-line walkthrough

1. 1. Layered triage cheat script
2. 2. Physical/link layer checks
3. 3. Cable/Wi-Fi presence
4. 4. VLAN/SSID correctness
5. 5. Blank separator
6. 6. Network layer
7. 7. IP sanity
8. 8. Gateway reachability
9. 9. Remote reachability
10. 10. Path and routing
11. 11. Blank separator
12. 12. Transport layer
13. 13. TCP port test
14. 14. Handshake awareness
15. 15. Firewall consideration
16. 16. Blank separator
17. 17. Application layer
18. 18. DNS resolution
19. 19. HTTP/S response
20. 20. Certificate handshake
21. 21. Blank separator
22. 22. Language tip
23. 23. Example layer-speak line
24. 24. Another layer-speak line

Spot the bug

Ticket: ‘Cannot reach portal.bank.local.’
Junior immediately calls the firewall team.

Explain like I'm 5

Fun fact

Hands-on challenge

More resources

• OSI model (Cloudflare) (Cloudflare Learning)
• OSI vs TCP/IP explained (Practical Networking)
• IANA Service Name and Port Registry (IANA)