Complete Distribution of the TCP/IP Protocol Suite in the OSI Model — Understanding Network Protocols at a Glance

This article uses the OSI seven-layer model as a framework, placing each protocol of the TCP/IP suite on the layer where it actually operates, then walks through how the layers cooperate in scenarios like web browsing and email, and covers the diagnostic commands you reach for when something breaks.

What is the OSI Model?

The OSI (Open Systems Interconnection) model slices the network communication process into seven layers. In practice the TCP/IP model is more widely deployed, but the OSI layering is genuinely useful for understanding “what exactly does this protocol own.”

From bottom to top, the seven OSI layers:

  1. Physical Layer: Transmits raw bit streams
  2. Data Link Layer: Provides reliable communication between nodes
  3. Network Layer: Responsible for routing and forwarding
  4. Transport Layer: Provides end-to-end communication
  5. Session Layer: Manages session connections
  6. Presentation Layer: Data format conversion and encryption
  7. Application Layer: User interface and application protocols

What is the TCP/IP Protocol Suite?

The TCP/IP protocol suite is the set of protocols the Internet actually runs. It is more concise and practical than OSI, typically divided into four layers:

  1. Application Layer
  2. Transport Layer
  3. Network Layer
  4. Network Interface Layer

Distribution of the TCP/IP Protocol Suite in the OSI Model

First, how data gets encapsulated as it descends the stack. Each layer prepends a header to the upper-layer data, until at the physical layer it becomes a bit stream on the wire.

mermaid
flowchart TD
    A["Application<br/>Data"] --> B["Transport<br/>Segment"]
    B --> C["Network<br/>Packet"]
    C --> D["Data Link<br/>Frame"]
    D --> E["Physical<br/>Bit"]
    classDef layer fill:#E3F2FD,stroke:#1565C0,color:#1565C0
    class A,B,C,D,E layer

The table below aligns the OSI seven layers, the TCP/IP four layers, and the typical protocols at each layer. It is the master index for the rest of this article.

OSI LayerTCP/IP LayerTypical Protocols
ApplicationApplicationHTTP, FTP, SMTP, POP3, IMAP4, DNS, DHCP, NFS, SNMP
PresentationApplicationSSL/TLS, LDAP
SessionApplicationRPC, NetBIOS, SMB
TransportTransportTCP, UDP
NetworkNetworkIP, ICMP, IGMP, OSPF, RIP, BGP, ARP
Data LinkNetwork InterfaceEthernet, PPP, HDLC, Frame Relay, ATM
PhysicalNetwork InterfaceIEEE 802.3, RS-232, V.35, RJ-45

Detailed Protocols by Layer

Application Layer Protocols

The application layer faces user programs directly and has the most protocols.

ProtocolPurposePortCharacteristics
HTTP/HTTPSBrowser ↔ web server communication80 / 443Request-response, stateless
FTPFile transfer between client and server20 data / 21 controlUpload, download, delete
SMTPSending email25Delivery only; usually paired with POP3/IMAP for receiving
TELNETRemote login23Unencrypted; superseded by SSH
POP3Receiving email from server110Server typically deletes after download
IMAP4Managing email on the server143Mail stays on server, multi-device sync
DNSResolving domain names to IPs53Distributed naming system; Internet infrastructure
DHCPAuto-assigning IP addresses67 server / 68 clientDynamic address allocation
NFSNetwork file system sharing2049Remote files behave as local
SNMPNetwork device monitoring/management161 manager / 162 agentCollect and configure device info

A few easy-to-confuse points: SMTP only pushes mail to a server — fetching it is the job of POP3 or IMAP4. POP3 deletes from the server by default after download, while IMAP4 keeps mail on the server, which is what you want for reading the same mailbox across multiple devices. DNS doesn’t belong to any single business protocol; nearly every other protocol relies on it first to resolve a name.

Presentation and Session Layer Protocols

Both layers are merged into the application layer in the TCP/IP model, but conceptually they stay distinct: the presentation layer handles format conversion, encryption, and compression; the session layer handles connection establishment and maintenance.

LayerProtocolPurposeKey Characteristics
PresentationSSL/TLSEncrypted communication channelData encryption, authentication, integrity; HTTPS/SMTPS/IMAPS rely on it
PresentationLDAPAccessing directory servicesPort 389 plaintext / 636 encrypted; user auth, address lookup
PresentationRPCRemote procedure callTransparently calls functions on another machine, hides networking
SessionNetBIOSNetwork name and session servicesPorts 137-139; early Windows networking
SessionSMBSharing files, printers, serial portsPort 445; modern versions support encryption and auth

Transport Layer Protocols

The transport layer provides end-to-end communication and decides whether data is “reliably delivered” or “sent fast, consequences be damned.” The two core protocols are TCP and UDP.

TCP vs UDP

FeatureTCPUDP
ConnectionConnection-orientedConnectionless
ReliabilityReliable deliveryUnreliable delivery
OrderingGuaranteed orderNo order guarantee
SpeedSlowerFaster
OverheadHigherLower
Use CasesFile transfer, web browsingReal-time video, online gaming, DNS queries

TCP is reliable because of the three-way handshake at connection setup, acknowledgments and retransmissions during transfer, and the four-way teardown at close. The two diagrams below show these two processes.

TCP Three-Way Handshake (Connection Setup)

Client and server each send a SYN and each reply with an ACK. Only once both sides have confirmed the other’s receive capability is the connection established.

mermaid
sequenceDiagram
    participant C as Client
    participant S as Server
    C->>S: SYN, seq=x
    Note over S: Receives SYN, allocates connection resources
    S-->>C: SYN+ACK, seq=y, ack=x+1
    Note over C: Confirmed; connection open on client side
    C->>S: ACK, ack=y+1
    Note over S: Confirmed; connection open on server side

The third ACK matters because with only two steps the server cannot confirm the client actually received its SYN+ACK — if that packet is lost, the server would hold the half-open connection indefinitely.

TCP Four-Way Teardown (Connection Termination)

Teardown takes one more round than setup because TCP is full-duplex: each side closes its own send channel independently.

mermaid
sequenceDiagram
    participant C as Client
    participant S as Server
    C->>S: FIN, seq=u
    Note over C: Client sends no more data
    S-->>C: ACK, ack=u+1
    Note over S: Server may still have data to finish
    S->>C: FIN, seq=v
    Note over S: Server done, requests close
    C-->>S: ACK, ack=v+1
    Note over C: Waits 2MSL, then fully closes

That window between “ACK” and “FIN” lets the server flush any remaining data — which is why teardown is four steps instead of three like the handshake.

Network Layer Protocols

The network layer handles packet routing and forwarding — the core of the entire network.

ProtocolPurposeKey Characteristics
IPTransmitting packets across networksConnectionless, provides logical addressing (IP), IPv4/IPv6
ICMPFeedback on network conditionsping, error reporting, path discovery (traceroute relies on it)
IGMPManaging multicast group membershipUsed for IP multicast; controls group join/leave
OSPFInterior gateway routingDijkstra-based, area partitioning, fast convergence, loop-free
RIPDistance-vector routingHop-count metric, max 15 hops, slow convergence
BGPExterior gateway routingPath-vector, policy-rich, Internet backbone protocol
ARPIP → MAC resolutionBroadcast request, unicast reply, maintains ARP cache

The three routing protocols have distinct scopes: OSPF and RIP are both interior gateway protocols (IGP), governing routing within a single autonomous system (AS); BGP is an exterior gateway protocol (EGP), governing routing between ASes, and the entire Internet’s inter-domain connectivity rides on it. Among IGPs, OSPF is link-state (every router knows the full topology and computes shortest paths), whereas RIP is distance-vector (routers only exchange hop-count tables with neighbors) — which is why OSPF converges fast and RIP falls over in large networks.

ARP Resolution Process

ARP translates an IP address into the MAC address the data link layer needs. A host first broadcasts “who has this IP?” across the LAN; the target host recognizes its own IP and unicasts back its MAC, which the requester caches for subsequent use.

mermaid
sequenceDiagram
    participant H as Host 192.168.1.10
    participant N as Whole LAN
    participant T as Target 192.168.1.5
    H->>N: Broadcast ARP request: who is 192.168.1.5?
    Note over N: All hosts receive it; only the target replies
    T-->>H: Unicast ARP reply: I am, MAC = aa:bb:cc:dd:ee:ff
    Note over H: Stored in ARP cache; subsequent traffic uses this MAC directly

The broadcast is sent only once; all later traffic to the same target uses the cache until the entry expires. This is also exactly why ARP spoofing works — a forged reply overwrites the cached MAC.

These two layers are close to the hardware: the data link layer frames bits onto a physical link and handles errors, while the physical layer defines electrical signaling and interface standards.

LayerProtocolPurposeKey Characteristics
Data LinkEthernetLAN communication standardCSMA/CD, multi-rate, de facto LAN standard
Data LinkPPPPoint-to-point communicationSerial link, supports multiple network-layer protocols, with auth
Data LinkHDLCBit-oriented link controlWAN, full-duplex, frame synchronization
Data LinkFrame RelayPacket-switched WANVirtual-circuit based, efficient transfer
Data LinkATMAsynchronous Transfer ModeFixed-length cells, multiple service types
PhysicalIEEE 802.3Ethernet physical-layer standardTwisted pair, fiber, and other media
PhysicalRS-232Serial communication standardPoint-to-point, asynchronous, device connection
PhysicalV.35Broadband transmission interfaceHigh speed, mainly for WAN
PhysicalRJ-45Network connector8-pin, Ethernet twisted-pair connection

Protocol Communication Examples

Web Access Process

How do protocols at each layer work together when you visit a website?

  1. Application Layer: Browser initiates an HTTP request
  2. Presentation Layer: If using HTTPS, SSL/TLS encrypts the data
  3. Session Layer: Establishes and manages session connections
  4. Transport Layer: TCP protocol ensures reliable data transmission
  5. Network Layer: IP protocol handles packet routing and forwarding
  6. Data Link Layer: Ethernet protocol transmits data within the LAN
  7. Physical Layer: Transmits bit streams through physical media

Email Sending Process

When sending an email:

  1. Application Layer: MUA (Mail User Agent) sends email via SMTP
  2. Transport Layer: TCP ensures reliable transmission of email data
  3. Network Layer: IP protocol routes email data to the target server
  4. Data Link Layer: Transmits data packets across the network
  5. Physical Layer: Transmits data through the physical network

Common Network Troubleshooting

Using the ping Command

bash
1
2
3
4
5
6
7
8
# Test network connectivity
ping 8.8.8.8

# Specify number of pings
ping -c 4 8.8.8.8

# Specify packet size
ping -s 1024 8.8.8.8

traceroute Path Tracing

bash
1
2
3
4
5
# Linux/macOS
traceroute 8.8.8.8

# Windows
tracert 8.8.8.8

netstat Network Status

bash
1
2
3
4
5
6
7
8
# View all network connections
netstat -an

# View listening ports
netstat -ltn

# View network statistics
netstat -s

tcpdump Packet Analysis

bash
1
2
3
4
5
6
7
8
# Capture traffic on a specific port
tcpdump -i any port 80

# Save captured packets
tcpdump -w capture.pcap

# Read captured packets
tcpdump -r capture.pcap

Network Security Considerations

Firewall Configuration

bash
1
2
3
4
5
6
7
8
9
# Check firewall status
sudo ufw status

# Allow a specific port
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp

# Deny a specific port
sudo ufw deny 443/tcp

SSL/TLS Configuration

bash
1
2
3
4
5
6
# Generate private key and certificate
openssl genrsa -out server.key 2048
openssl req -new -x509 -key server.key -out server.crt -days 365

# View certificate information
openssl x509 -in server.crt -text

Wrap-Up

The OSI seven layers are the framework for understanding the division of labor among network protocols; the TCP/IP four layers are the implementation that actually runs the Internet. The biggest payoff of layering is that troubleshooting becomes a top-down narrowing exercise — if ping works, the network layer and below are fine; if a port won’t connect, look upward into the transport and application layers. Once you place each protocol on its correct layer, every network problem has a concrete place to start.