Complete Distribution of the TCP/IP Protocol Suite in the OSI Model — Understanding Network Protocols at a Glance
This article uses the OSI seven-layer model as a framework, placing each protocol of the TCP/IP suite on the layer where it actually operates, then walks through how the layers cooperate in scenarios like web browsing and email, and covers the diagnostic commands you reach for when something breaks.
What is the OSI Model?
The OSI (Open Systems Interconnection) model slices the network communication process into seven layers. In practice the TCP/IP model is more widely deployed, but the OSI layering is genuinely useful for understanding “what exactly does this protocol own.”
From bottom to top, the seven OSI layers:
- Physical Layer: Transmits raw bit streams
- Data Link Layer: Provides reliable communication between nodes
- Network Layer: Responsible for routing and forwarding
- Transport Layer: Provides end-to-end communication
- Session Layer: Manages session connections
- Presentation Layer: Data format conversion and encryption
- Application Layer: User interface and application protocols
What is the TCP/IP Protocol Suite?
The TCP/IP protocol suite is the set of protocols the Internet actually runs. It is more concise and practical than OSI, typically divided into four layers:
- Application Layer
- Transport Layer
- Network Layer
- Network Interface Layer
Distribution of the TCP/IP Protocol Suite in the OSI Model
First, how data gets encapsulated as it descends the stack. Each layer prepends a header to the upper-layer data, until at the physical layer it becomes a bit stream on the wire.
flowchart TD
A["Application<br/>Data"] --> B["Transport<br/>Segment"]
B --> C["Network<br/>Packet"]
C --> D["Data Link<br/>Frame"]
D --> E["Physical<br/>Bit"]
classDef layer fill:#E3F2FD,stroke:#1565C0,color:#1565C0
class A,B,C,D,E layerThe table below aligns the OSI seven layers, the TCP/IP four layers, and the typical protocols at each layer. It is the master index for the rest of this article.
| OSI Layer | TCP/IP Layer | Typical Protocols |
|---|---|---|
| Application | Application | HTTP, FTP, SMTP, POP3, IMAP4, DNS, DHCP, NFS, SNMP |
| Presentation | Application | SSL/TLS, LDAP |
| Session | Application | RPC, NetBIOS, SMB |
| Transport | Transport | TCP, UDP |
| Network | Network | IP, ICMP, IGMP, OSPF, RIP, BGP, ARP |
| Data Link | Network Interface | Ethernet, PPP, HDLC, Frame Relay, ATM |
| Physical | Network Interface | IEEE 802.3, RS-232, V.35, RJ-45 |
Detailed Protocols by Layer
Application Layer Protocols
The application layer faces user programs directly and has the most protocols.
| Protocol | Purpose | Port | Characteristics |
|---|---|---|---|
| HTTP/HTTPS | Browser ↔ web server communication | 80 / 443 | Request-response, stateless |
| FTP | File transfer between client and server | 20 data / 21 control | Upload, download, delete |
| SMTP | Sending email | 25 | Delivery only; usually paired with POP3/IMAP for receiving |
| TELNET | Remote login | 23 | Unencrypted; superseded by SSH |
| POP3 | Receiving email from server | 110 | Server typically deletes after download |
| IMAP4 | Managing email on the server | 143 | Mail stays on server, multi-device sync |
| DNS | Resolving domain names to IPs | 53 | Distributed naming system; Internet infrastructure |
| DHCP | Auto-assigning IP addresses | 67 server / 68 client | Dynamic address allocation |
| NFS | Network file system sharing | 2049 | Remote files behave as local |
| SNMP | Network device monitoring/management | 161 manager / 162 agent | Collect and configure device info |
A few easy-to-confuse points: SMTP only pushes mail to a server — fetching it is the job of POP3 or IMAP4. POP3 deletes from the server by default after download, while IMAP4 keeps mail on the server, which is what you want for reading the same mailbox across multiple devices. DNS doesn’t belong to any single business protocol; nearly every other protocol relies on it first to resolve a name.
Presentation and Session Layer Protocols
Both layers are merged into the application layer in the TCP/IP model, but conceptually they stay distinct: the presentation layer handles format conversion, encryption, and compression; the session layer handles connection establishment and maintenance.
| Layer | Protocol | Purpose | Key Characteristics |
|---|---|---|---|
| Presentation | SSL/TLS | Encrypted communication channel | Data encryption, authentication, integrity; HTTPS/SMTPS/IMAPS rely on it |
| Presentation | LDAP | Accessing directory services | Port 389 plaintext / 636 encrypted; user auth, address lookup |
| Presentation | RPC | Remote procedure call | Transparently calls functions on another machine, hides networking |
| Session | NetBIOS | Network name and session services | Ports 137-139; early Windows networking |
| Session | SMB | Sharing files, printers, serial ports | Port 445; modern versions support encryption and auth |
Transport Layer Protocols
The transport layer provides end-to-end communication and decides whether data is “reliably delivered” or “sent fast, consequences be damned.” The two core protocols are TCP and UDP.
TCP vs UDP
| Feature | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented | Connectionless |
| Reliability | Reliable delivery | Unreliable delivery |
| Ordering | Guaranteed order | No order guarantee |
| Speed | Slower | Faster |
| Overhead | Higher | Lower |
| Use Cases | File transfer, web browsing | Real-time video, online gaming, DNS queries |
TCP is reliable because of the three-way handshake at connection setup, acknowledgments and retransmissions during transfer, and the four-way teardown at close. The two diagrams below show these two processes.
TCP Three-Way Handshake (Connection Setup)
Client and server each send a SYN and each reply with an ACK. Only once both sides have confirmed the other’s receive capability is the connection established.
sequenceDiagram
participant C as Client
participant S as Server
C->>S: SYN, seq=x
Note over S: Receives SYN, allocates connection resources
S-->>C: SYN+ACK, seq=y, ack=x+1
Note over C: Confirmed; connection open on client side
C->>S: ACK, ack=y+1
Note over S: Confirmed; connection open on server sideThe third ACK matters because with only two steps the server cannot confirm the client actually received its SYN+ACK — if that packet is lost, the server would hold the half-open connection indefinitely.
TCP Four-Way Teardown (Connection Termination)
Teardown takes one more round than setup because TCP is full-duplex: each side closes its own send channel independently.
sequenceDiagram
participant C as Client
participant S as Server
C->>S: FIN, seq=u
Note over C: Client sends no more data
S-->>C: ACK, ack=u+1
Note over S: Server may still have data to finish
S->>C: FIN, seq=v
Note over S: Server done, requests close
C-->>S: ACK, ack=v+1
Note over C: Waits 2MSL, then fully closesThat window between “ACK” and “FIN” lets the server flush any remaining data — which is why teardown is four steps instead of three like the handshake.
Network Layer Protocols
The network layer handles packet routing and forwarding — the core of the entire network.
| Protocol | Purpose | Key Characteristics |
|---|---|---|
| IP | Transmitting packets across networks | Connectionless, provides logical addressing (IP), IPv4/IPv6 |
| ICMP | Feedback on network conditions | ping, error reporting, path discovery (traceroute relies on it) |
| IGMP | Managing multicast group membership | Used for IP multicast; controls group join/leave |
| OSPF | Interior gateway routing | Dijkstra-based, area partitioning, fast convergence, loop-free |
| RIP | Distance-vector routing | Hop-count metric, max 15 hops, slow convergence |
| BGP | Exterior gateway routing | Path-vector, policy-rich, Internet backbone protocol |
| ARP | IP → MAC resolution | Broadcast request, unicast reply, maintains ARP cache |
The three routing protocols have distinct scopes: OSPF and RIP are both interior gateway protocols (IGP), governing routing within a single autonomous system (AS); BGP is an exterior gateway protocol (EGP), governing routing between ASes, and the entire Internet’s inter-domain connectivity rides on it. Among IGPs, OSPF is link-state (every router knows the full topology and computes shortest paths), whereas RIP is distance-vector (routers only exchange hop-count tables with neighbors) — which is why OSPF converges fast and RIP falls over in large networks.
ARP Resolution Process
ARP translates an IP address into the MAC address the data link layer needs. A host first broadcasts “who has this IP?” across the LAN; the target host recognizes its own IP and unicasts back its MAC, which the requester caches for subsequent use.
sequenceDiagram
participant H as Host 192.168.1.10
participant N as Whole LAN
participant T as Target 192.168.1.5
H->>N: Broadcast ARP request: who is 192.168.1.5?
Note over N: All hosts receive it; only the target replies
T-->>H: Unicast ARP reply: I am, MAC = aa:bb:cc:dd:ee:ff
Note over H: Stored in ARP cache; subsequent traffic uses this MAC directlyThe broadcast is sent only once; all later traffic to the same target uses the cache until the entry expires. This is also exactly why ARP spoofing works — a forged reply overwrites the cached MAC.
Data Link and Physical Layer Protocols
These two layers are close to the hardware: the data link layer frames bits onto a physical link and handles errors, while the physical layer defines electrical signaling and interface standards.
| Layer | Protocol | Purpose | Key Characteristics |
|---|---|---|---|
| Data Link | Ethernet | LAN communication standard | CSMA/CD, multi-rate, de facto LAN standard |
| Data Link | PPP | Point-to-point communication | Serial link, supports multiple network-layer protocols, with auth |
| Data Link | HDLC | Bit-oriented link control | WAN, full-duplex, frame synchronization |
| Data Link | Frame Relay | Packet-switched WAN | Virtual-circuit based, efficient transfer |
| Data Link | ATM | Asynchronous Transfer Mode | Fixed-length cells, multiple service types |
| Physical | IEEE 802.3 | Ethernet physical-layer standard | Twisted pair, fiber, and other media |
| Physical | RS-232 | Serial communication standard | Point-to-point, asynchronous, device connection |
| Physical | V.35 | Broadband transmission interface | High speed, mainly for WAN |
| Physical | RJ-45 | Network connector | 8-pin, Ethernet twisted-pair connection |
Protocol Communication Examples
Web Access Process
How do protocols at each layer work together when you visit a website?
- Application Layer: Browser initiates an HTTP request
- Presentation Layer: If using HTTPS, SSL/TLS encrypts the data
- Session Layer: Establishes and manages session connections
- Transport Layer: TCP protocol ensures reliable data transmission
- Network Layer: IP protocol handles packet routing and forwarding
- Data Link Layer: Ethernet protocol transmits data within the LAN
- Physical Layer: Transmits bit streams through physical media
Email Sending Process
When sending an email:
- Application Layer: MUA (Mail User Agent) sends email via SMTP
- Transport Layer: TCP ensures reliable transmission of email data
- Network Layer: IP protocol routes email data to the target server
- Data Link Layer: Transmits data packets across the network
- Physical Layer: Transmits data through the physical network
Common Network Troubleshooting
Using the ping Command
| |
traceroute Path Tracing
| |
netstat Network Status
| |
tcpdump Packet Analysis
| |
Network Security Considerations
Firewall Configuration
| |
SSL/TLS Configuration
| |
Wrap-Up
The OSI seven layers are the framework for understanding the division of labor among network protocols; the TCP/IP four layers are the implementation that actually runs the Internet. The biggest payoff of layering is that troubleshooting becomes a top-down narrowing exercise — if ping works, the network layer and below are fine; if a port won’t connect, look upward into the transport and application layers. Once you place each protocol on its correct layer, every network problem has a concrete place to start.