How I may help
LinkedIn Profile Email me!
Call me using Skype client on your machine

Reload this page ISO Layers and Protocols

The ISO-OSI 7 layer Reference Model (officially known as ISO Standard 7498, 1984, 7498-1:1994. and CCITT standard X.200) was developed by the Internet Architecture Board and drafted by the IETF.

“It provides a common basis for the coordination of standards development for the purpose of systems interconnection, while allowing existing standards to be placed into perspective within the overall Reference Model. The model identifies areas for developing or improving standards. It does not intend to serve as an implementation specification.”


Topics this page:

  • TCP/IP Architecture
  • Ports
  • More...
  • Related:

  • Network Speeds
  • TCP/IP Addressing
  • Data Communications
  • IT Security Countermeasures
  • Cryptography
  • Secure Emails

    Site Map List all pages on this site 
    About this site About this site 
    Go to first topic Go to Bottom of this page

    Homer Simpson asks “Welcome to the Internet, my friend. How can I help you?”

    Set this at top of window.
    Memonic ISO-OSI Layers Microsoft TCP/IP Protocol
    Allon this page 7. Application Layer Processes using ports within sockets
    API (Applications Programming Interface) 4. Application messages or streams HTTP, S/MIME, Winsock, FTP, NCP, RPC, MS-SMB, MS-CAPIanother page on this site, SET, WAE
    People on this page 6. Presentation Layer
    Encoding and Formatting
    File System Drivers: Network clients using Network File, print, & messaging services DNS, TFTP, DHCP, BOOTP, SNMPanother page on this site, RLOGIN, SMTP, MIME, NFS, FINGER, Telnet, XDR
    Seem on this page 5. Session Layer
    Channels of communication
    NetBIOS/NBT, LPP of X.700 CMIP( CMOT/), Apple

    WSP / WTP

    To on this page 4. Transport Layer Sequence & divide/re-combine packets to assure reliability of connections TDI (Transport Driver “Device” Interface) 3. Transport of protocol packets NetBEUI, DLC, SPX/ NWLink, TCP, UDP, RARP, SOCKS, SSL3/ TLS1, PCT, SChannel, WTLS, WDP
    Need on this page 3. Network Layer
    Addressing & Routinganother page on this site Datagrams through routersanother page on this site
    NDIS (Network Driver Interface Spec) 2. Internet IP datagrams IP, ICMP, IGMP, ARP, RTMP, IPX/ NWLink, ODI, NLSP, IPSec AH, ESP, & IKE, QoS, BAP?
    Data on this page 2. Data Link Layer
    802 sublayers:
    1. Logical Link Control (LLC) and
    2. MAC sublayer through switchesanother page on this site
    Physical (Network Interface Cards/Adapters) 1. Network Access Interface frames map logical IP addresses to physical addresses of devices. RIP, IGRP, EIGRP, ATM, OSPF, SLIP, PPP, PPTP, L2TP, HDLC X.25 Frame Relay
    Processing on this page 1. Physical Layer
    Bits over transmission media cablesanother page on this site

    Go to Top of this page.
    Previous topic this page
    Next topic this page
    Set this at top of window.
      The table above show how the OSI model corresponds to the 4 Layers of the 1981 TCP/IP Core Transport Prototol Conceptual model. Both provide virtual connections this way:

      • Each layer uses the services of the layer below it to transparently send data to a peer layer in a receiving machine. This conceptually hides the technical intricacies of lower layers.
      • Headers are appended (added) to each data package (service data units) by each middle layer.
      • Headers are removed by the same layer in the receiving computer.

      These models provide a common basis for various vendors to use in describing how their products conceptually fit with other products already on the market. For example, IPSecanother page on this site runs at Layer 3, so can carry only IP packets.
      PPTP and L2TP run at Layer 2, so they can carry packets from other protocols (the set of rules governing communication between technical components).

      Cisco calls the upper 4 OSI layers the Host layers responsible for accurate data delivery between end devices.
      Cisco calls the lower 3 OSI layers the Media layers responsible for physical delivery of data over the network.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set this at top of window. Application Layer

    Here user applications access file (database), print, messaging (email), and other services plus support error recovery.
    A socket is the combination of IP address and port. The Windows Sockets API access ports in the SERVICES file. (RFC 1700) BSD UNIX was the first to open-read-write-close sockets to perform I/O.

    Among the 1,024 ports historically assigned by the IANA and tracked by, Richard Ackerman, Network Ice, and Neohapsis:
    Server Service Port
    FTP data to clientanother page on this site 20
    FTP for bindingKnoware's FTP program is integrated in MSIE 21
    TFTPanother page on this site 69 ?
    Secure Shell (SSH) 22
    Telnet remote logins 23
    SMTPanother page on this site 25
    timeanother page on this site 37
    SIMAP (IMAP over SSL) 993
    SSMTP (SMTP over SSL) 465
    DNS [RFC 1034 & 1035] 53
    DHCPanother page on this site 68
    Whois 43
    Finger 79
    HTTP Server 80
    Auth 113
    POP3 110
    SPOP3 (POP3 over SSL) 995
    NNTP Network News Transfer Protocol 119
    RPC 135,139,445
    RMI registry 1099
    NetBIOS session service 137 - 139
    Direct Host (NetBIOSv2) TCP/UDP 445
    IMAP 143
    SQLSRV 156
    AD-LDAP 389
    LDAP 1002
    NIX-specific ports 443
    HTTPS (SSL) 512 - 515
    HTTP HTML Browsers 1210
    SOCKS Proxy server 1080
    NIX-based NFS 2049
    mySQL 3306
    Oracle 1521
    PnP 5000
    IRC 6667
    Web caching proxy servers 8080
    Total 65,536 ports (16 bit numbers)
    To check ports used, use netstat -a .

    Microsoft v3.0 of NetBIOS was first developed in 1983 by Sytek for IBM. It has a flat namespace. Its Broadcast makes setup easier.

    Function Command or Diagnostic NT Server Service Winnt\ System32\ Files
    My 15 user/16 system char. NetBIOS Name with seg. Scope ID NBTSTAT -N
    Name Registration Request, Response, Renewal, Release
    My IP Address, Subnet, Gateway? IPCONFIG /all
    Return of subnet indicates a duplicate address
    Register, Renew, Release associations of
    IP Address with NetBIOS Name
    NET USE X: \\server\ ... UNC NBTSTAT -R to puRge, -C to show, then
    CP, Services, Tools, WINS Manager, Mappings, Show Database
    1. Local cache
    2. WINS Windows Internet Name Server (an RFC 1001/2 NetBios Name Server) sends an internet group (of up to 25 domain names) to clients
      Dynamic file Wins\
      Winstmp.mdb, J50.log, J50.chk
    3. Local network broadcast
    4. Static Drivers\Etc\ LMHOSTS.SAM <IP address of> <master browser server NetBIOS name> #PREload #DOM: <remote PDC & BDC NetBIOS name>
    local or remote Hostname (Fully Qualified Domain Name)
    to IP Address
    NSLOOKUP <hostname> gives DNS server & IP address for

    PING <hostname>

    1. same as local?
    2. local (UNIX) HOSTS. file
    3. DNS Server (requested at 5, 10, 20, 40, 5, 10, 20 seconds) resolved iteratively by domain. File CACHE.DNS
    4. WINS NetBIOS-IP cache
    5. Local network Broadcast
    Network to local network Domain ID's - - NETWORKS.
    TCP/IP and IPX/SPX binding to NIC MAC addresses ARP NWLINK CSNW Client Services for NetWare PROTOCOL.
    (RPF 1060)
    Service name to Sockets Port Name NETSTAT - SERVICES.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set this at top of window. Presentation Layer

  • Network redirector makes remote printers appear attached
  • character set (ASCII - EBCDIC) conversion
  • interpretation of graphics commands
  • data encryption (scrambling and descrambling the data as it is transmitted and received).
  • data compression (into zip format)

  • Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set this at top of window. Session layer

    enable two computers to establish, synchronize, maintain, then end a session.
  • name-to-station address translation,
  • security authentication,
  • connection ID establishment,
  • data transfer (using session),
  • acknowledgements, and
  • connection release.
  • In Windows 9x and before, at the session layer TCP/IP must access the network using NetBT (NetBIOS over TCP/IP).

    Windows 2000 uses WinSock sockets.

    Session layer manages checkpoints to limit re-transmission (which improves thruput).

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set this at top of window. Transport layer

    ensures data is delivered error-free by
  • dividing and combining message segments in sequences;
  • resolving logical address/names by starting sessions of TCP or UDP services used for establishing end-to-end connection between Transport Layer peer computers.
  • sends acknowledgement for data packets received;
  • manages error and flow control.


    tool Download TDIMon.exe to monitor TCP/UDP Protocol stack I/O activity TCP/IP Tutorial

  • Connection-oriented TCP Transmission Control Protocol [RFC 793] use 3-way handshaking (acknowledgments and responses) to start and end each session:
    1. Initiating host sends data segment with synchronization SYN flag = on
    2. Receiving host acknowledges with a segment having
      • SYN=on
      • Acknowledged Sequence number of the starting byte for a segment it may send.
      • ACK byte sequence number of the next segment it expects to receive.
    3. Requesting host sends back a segment with the acknowledged sequence number and ACK number.

    in order to guarantee the delivery of packets, in the proper sequence, AND provides a checksum feature that validates both the packet header and its data for accuracy.

    To reduce the impact on performance, most hosts send an acknowledgment for every other segment.

    Netmon Sniffersanother page on this site capture data that travels across the network as packets, each contain:

    • Source address
    • Destination address
    • Protocol headers
    • The actual data payload
    • A cyclical redundancy check, or CRC
    NetBEUI is reroutable outside a segment only on IBM Token Ring networks, not on TCP/IP networks. It starts on Windows 2000 using registry entry

      The NBF is for NetBIOS Frame — Microsoft's implementation of NetBEUI v3, which overcomes the original 254-session connection limit.

    DLC (Data Link Control protocol) used by HP JetDirect cards. It is reroutable on TCP/IP networks.

    UDP (User Datagram Protocol) [RFC 768] supplies IP address & port number of destination makes for a connection-less oriented link with no guarantees that packets were delivered. This is used by applications that don't require ACK of receipt of (usually small amounts of) data. This is faster because of no acknowledgement overhead.

      UDP port 137 - NetBIOS-NS name service

      UDP Port 138 - NetBIOS-DGM datagram service

      UDP Port 69 - TFTP Trivial FTP

      UDP Port 15 - NETSTAT to view a list of all current TCP/IP connections

      UDP port 161 - Under SNMPanother page on this site Simple Network Management Protocol methods, agents (wiring hubs, routers, bridges) act as traps to store information about significant events in a MIB (Management Information Base). SNMP managed devices respond to polling from a Microsoft SMS Systems Management Server in its SNMP community or generate interrupt messages.

      UDP port 162 - SNMP traps received.

      UDP Header Packet Structure: Source Port, Destination Port, Message Length, Checksum

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set this at top of window. Network Internet Layer 3

    Handles logical addressing and translates logical names into physical addresses.

    Encapsulates packets into datagrams (small network-transportable packets) using routing algorithms.

    Concerned with routing -- addressing and looking for the best path on which to send information.

    Prioritizes data and other Quality of Service (QoS) functions.

    Connectionless IP sends data to destinations over one or more gateway hops.
    • Gateways: Max 126 character URL Domain name
      • ping IPaddress to verify connections ( loopback to itself)
      • Use ROUTE.EXE to configure static gateways.
      • route -add [destination network address] mask [netmask] [gateway].
      • RIP Routing Internet Protocol and OSPF Open Shortest Path First are two common routing protocols
    • Diskless workstations send RARP Reverse Address Resolution Protocol requests to find IP addresses for a known MAC address.
    • When a host requests communications to be initiated, ARP (Address Resolution Protocol [RFC 826]) obtains hardware MAC (Media Access Control) addresses of destination hosts by examining subnet mask, Routing table, default gateway.
        To collect data packets to analyse them with a spreadsheet program, use Performance Monitor.
      1. ARP checks the subnet mask to see if the address is local or remote.
      2. If Local
        1. host ARP checks own cache for the address of the destination host. NT maintains a separate ARP cache for each IP address requested:
          • Dynamic entries have a potential lifetime of 10 minutes but are automatically deleted after 2 minutes unless Registry parameter ARPCacheLife overrides this default # of Seconds.
          • Static entries remain in cache until computer is restarted
            To manually check the cache: arp -a or arp -g
            To add a static entry to the ARP cache:
            arp -s IPaddress MACaddress
          • Entry can be manually deleted with arp -d
        2. ARP uses address FF FF FF FF FF FF to broadcast a request for the address to all local hosts on the same physical node
        3. Each host on the local network reads the broadcast and ignores it if it doesn't own the IP address requested. If the host sees that it owns the IP address requested, the host sends its hardware address in a reply to the source host.
      3. If Remote
        • Address Resolution:
          1. Source host checks its local ARP routing table for a route to the destination host or network.
          2. If no mapping is found, ARP broadcasts a request to default gateways. If a gateway router responds with the destination host's address, ARP sends the data packet to the responding router. The router then does its own Resolution.
          3. After destination host receives the request, it formulates an ICMP echo reply vice versa.
        • To manually retrieve system information from a remote computer, finger a remote IP address which supports the finger service.
        • To determine what route a packet takes to get from the source to the destination, use Windows TRACERT or UNIX traceroute or Net.Medic from Vital Signs Software.

      4. ICMP (Internet Control Message Protocol [RFC 792] by Jon Postel specifies the Error and Query IP datagrams sent by a gateway:
        • responding to a Ping Echo Request with an Echo reply (The default ping packet-size is set to 64 bytes)
        • or host reporting Destination Unreachable errors
        • reporting IP datagrams (Time Exceeded) timeout (TTL=zero)
        • redirecting hosts to use a router with a better path
        • responding to network congestion by requesting flow control Source Quench to a Host to slow down rate of transmission But multihomed NT's with several NIC cards used as Routers drop packets and do not send Source Quench messages!

          Note: ICMP messages are not generated concerning multicast frames.

          webpage article ICMP Type Numbers assigned by IANA

      5. IGMP (Internet Group Management Protocol [RFC 1112] is used by IP hosts to send (unreliable) IP datagrams to inform multicast routers that hosts of a specific multicast group are available on a given network.

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set this at top of window. Data Link
    Layer 2

    Organizes raw data into a logical structure of frames (addressable units of information) thru NIC's fed by Switches and Bridges.

    Concerned with physical (as opposed to network logical) addressing, network topology, line discipline (how end systems will use the network link),

    data transmission synchronization: ordered delivery (sequencing) of frames,

    Flow control: waits for a positive ACK.

    Performs error notification.

    Defines the logical network topology through which frames travel with CRC for error checking.

  • Bridges extend the network and can translate protocols between two mixed protocol networks.
  • Switches (Intelligent hubs such as Cisco's Catalyst product family) contain Application-Specific Integrated Circuits (ASICs) to route Point to Point to individual workstations.

    Switches join groups of ports on a LAN switch to form a Virtual LAN (VLAN). This segmentation separates users and services into smaller groups to reduce broadcast traffic and wasted bandwidth.

    2 sub-layers:

    1. The lower MAC Media Access Control sublayer provides the 48 bit (6 octet) “Physical Address” such as hex 00-10-5A-E2-EF-81 burnt into the ROM on each NIC ( Network Interface Card). The first octet, the OUI (Organizationally Unique Identifier) is issued by the Institute of Electrical and Electronic Engineers (IEEE). For example, “08.00.20” is for Sun Microsystems; “00.00.0C” is for 3Com.

    2. The higher LLC Logical Link Control software driver sublayer ensures that each frame is encapsulated in the correct frame type (such as IEEE 802.2). Two types of LLC sub-layer frames, both containing source and distination Service Access Point (SAP).
      • The Subnetwork Access Protocol (SNAP) sets the Destination and Source SAP fields to AA hex, the Control field to 03, Type code to identify itself and whether the frame is backward compatible to Ethernet Version II. This is used by Apple/Novell's ODI Open Driver Interface.
      • Microsoft's NDIS Network Device Interface Specification uses SAP.

    Carrier Sense Multiple Access
  • CSMA/CA Collision Avoidance sends a signal before broadcasting. Is used by Appletalk.
  • CSMA/CD Collision Detection (a contention method) is used by Ethernet (IEEE 802.3) sends a signal after listening for 9.6 microseconds. If the device detects a collision again, it does exponential back-off—waiting twice as long as the last try to re-transmit the message. Because of attenuation, collision-detection sensing is limited to a distance of 2500 meters (1.5 miles).
  • Token Bus 802.4 & Token Ring IEEE 802.5 for graceful degredation under load

  • Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set this at top of window. Physical
    Layer 1

    Establishes, maintains, and terminates point-to-point data links.

    Signal Encoding: Puts raw data bits on the wire and pulls them off the transmission medium.

    Cables, Connectors, Terminators, Transeivers, Repeaters, Passive Hubs, Active Hubs, Switches send data to specific lines

    Controls the transmission technique, pin layout, and connector type.

    Concerned with voltage levels, data rates, timing of voltage changes.

    Cablinganother page on this site

    LAN Local Area Network: (Windows Explorer Network Neighborhood) baseband Ethernet signaling uses the entire bandwidth. Broadband (802.7) signaling uses only part of the bandwidth, allowing several signals to be sent at the same time (like cable TV).
    • 1972-3, Robert Metcalfe (later co-founder of 3Com) and colleagues at the Xerox Palo Alto Research Center (PARC) designed and announced the first Ethernet network, named the ALTO ALOHA Network.
    • September 1980: Ethernet II 10base5 thicknet thick coax from 2.5 m to 500 m (8.25 to 1,650 feet) The BNC (British Naval Connector) connectors are attached with vampire taps . Transceiver box with Male DIX connectors attach to the server.
    • 1985: 10base2 thinnet IEEE 802.3 thin coax from 2.5 m to 180 m (1992 RFC 1340) bus topology of RG-58AU coaxial cable threads with no more than 30 devices (T-connectors) and electrical Continuity of 50 ohms with a 50 ohm resistor terminator at each end (of which ONLY ONE is earthed). (25+ Ohm impedence between center & shell of T connectors) Minimum 1 meter and maximum 300 meters per cable segment. Volt meters should see -.9 to -1.2 for carrier sense. Variation from this indicates that one or more cards are ignoring the carrier signal. high = -.2 to -.5, low = -1.6 to -1.9, -1.7v on streaming (continuously sending) NIC's. Noise should be lower than 0.04v per cable segment when all workstations are turned off.
    • For both types: Max 4 repeaters (3 with nodes) among 5 segments.
    • 10 Mbps (10baseT) star Hub with (using only lines 1,2,3,6 of) RJ-45 connectors and 22, 23, or 26 AWG American Wire Guage EIA Electrical Industries Association Category 5 data grade UTP Unshielded Twisted Pair cables carrying 85 to 110 ohms as individual segments.
    • 100 Mbps VG Voice Grade AnyLAN of 4 pairs (8 lines) of cat 3-5 UTP max. 250 meters to a cascaded star topology. Uses demand 2 priority access and supports Token Ring packets.
    • 100 Mbps (100baseT4) VG Voice Grade AnyLAN of 4 pairs (8 lines) of cat 3-5 UTP max. 250 meters to a cascaded star topology. Uses demand 2 priority access and supports Token Ring packets.
    • 100baseTX of two pairs cat 5 UTP
    • 10baseFL to Fiber Optic star Hub concentrators of up to 1,024 segments max. 2,000 meters each
    • Segmentation
    • Monitor traffic and TCP/IP statistics with command NETSTAT -e -s
    • IEEE 802.3z and 802.3ab standards for Gigabit Ethernet have been finalized.
  • IEEE 802.5 Token logical Ring uses 9 pin connectors on STP cable set at 4 or 16Mbps reaching IBM 8228 MSAU's Multi Station Access Units .
  • ArcNet token ring max. 121 m between max. 32 stations on UTP 105 Ohm impedence or max. 303 m between 8 nodes on RG-62/U coax cable with 93 Ohm terminators.
  • FDDI IEEE 802.8 sends tokens synchronously (without waiting) thru dual or single MIC's Medium Interface Connectors around primary and counter-rotating secondary rings up to 13 km. Fiber Optic Testing
  • MAN Metropolitan Area Network (TV cable) IEEE 802.6
  • Wireless IEEE 802.11 RadioLAN
  • ATM is an implementation of the Broadband/ISDN protocol. It defines fixed cells, each 53 bytes (5 byes for routing information and 48 bytes data).
  • Infrared Data Association (IrDA) architecture is for the bottom 5 layers.
  • WAN Wide Area Network ( Explorer Internet Neighborhood) requires Windows NT RAS Remote Access Service:
    • Serial lines (RFC 1055) (with modems) over dial-up, digital, or leased lines.
      NT4 doesn't support obsolete UNIX SLIP Serial Line Internet Protocol clients PPP Point to Point datalink protocol [RFC 1547 & 1661] is more secure. L2F. L2TP (Level 2 Tunneling Protocol) [ RFC 2661] supported by Win2K is even better. IANA parameters
    • Packet-switched networks:
      • X.25
      • Frame Relay
      • ATM Asynchronous Transfer Mode constantly transmits delay-sensitive audio, video, data in cells of 53 octets (5 octet header) over fiber optic or copper between switched PPP circuits of a IEEE 802.9 BISDN Broadband Integrated Services Digital Network mbone. Programmers use CAPI to access ISDN cards.
      AS/400 Connectivity

    another page on this siteNetwork Speeds

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Set this at top of window. For More Information ...

    Take the Brainbench certification test on Networking Concepts


    Rich Border by Paul Klee.  Get this print framed on your wall!
    Get this print framed for your wall!

    Go to Top of this page.
    Previous topic this page
    Next topic this page

    Portions ©Copyright 1996-2010 Wilson Mar. All rights reserved. | Privacy Policy |

    How I may help

    Send a message with your email client program

    Your rating of this page:
    Low High

    Your first name:

    Your family name:

    Your location (city, country):

    Your Email address: 

      Top of Page Go to top of page

    Thank you!