Now that you understand why networking knowledge is your most powerful weapon, we need a shared language to discuss it. The Open Systems Interconnection (OSI) model is a 7-layer conceptual framework that describes how data moves from an application on one computer to an application on another. Every protocol, every tool, and every attack operates at one or more of these layers. Mastering this model is like learning the periodic table before doing chemistry.
| Layer | Name | Function | Hacker Relevance |
|---|---|---|---|
| 7 | Application | End-user protocols (HTTP, FTP, SMTP, DNS) | Web app attacks, phishing, protocol abuse |
| 6 | Presentation | Data formatting, encryption, compression | SSL/TLS attacks, encoding exploits |
| 5 | Session | Session management, dialog control | Session hijacking, token theft |
| 4 | Transport | Reliable delivery (TCP), fast delivery (UDP) | Port scanning, SYN floods, session hijacking |
| 3 | Network | Logical addressing, routing (IP, ICMP) | IP spoofing, ICMP tunneling, route manipulation |
| 2 | Data Link | Physical addressing (MAC), frame delivery | ARP spoofing, MAC flooding, VLAN hopping |
| 1 | Physical | Raw bit transmission over cable/wireless | Wireless sniffing, cable tapping |

💡 Mnemonic to remember top-to-bottom: 'All People Seem To Need Data Processing' (Application, Presentation, Session, Transport, Network, Data Link, Physical).
When you send data, say an HTTP request, it starts at Layer 7 and moves downward. At each layer, a header (and sometimes a trailer) is added. By the time the data hits the wire, it has been wrapped in multiple layers of headers. This process is called encapsulation. The receiving machine reverses the process, stripping headers at each layer as data moves back up.
Data Flow (Sender):

```
[HTTP Data]                       ← Layer 7: Application
[TCP Header][HTTP Data]           ← Layer 4: Transport
[IP Header][TCP][HTTP Data]       ← Layer 3: Network
[Eth Header][IP][TCP][HTTP][CRC]  ← Layer 2: Data Link
011010010110...                   ← Layer 1: Physical (bits on wire)
```

While the OSI model is a teaching tool, the real world mostly uses the TCP/IP model, which collapses the 7 layers into 4. You will see both models referenced in documentation, tools, and certifications, so you need to know how they map to each other.
| TCP/IP Layer | OSI Layers Mapped | Key Protocols |
|---|---|---|
| Application | Layers 7, 6, 5 | HTTP, DNS, FTP, SSH, SMTP |
| Transport | Layer 4 | TCP, UDP, SCTP |
| Internet | Layer 3 | IP (v4/v6), ICMP, IGMP |
| Network Access | Layers 2, 1 | Ethernet, Wi-Fi (802.11), ARP |
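
The encapsulation walk-through above, run in reverse the way a receiving host or a packet analyzer does it. This is an added example, not code from the original page: it builds a constructed Ethernet/IPv4/TCP/HTTP frame and strips one header per layer, labelling each step with its OSI layer and, in parentheses, its TCP/IP layer. The addresses, ports and the `build_frame` and `decapsulate` names are made up for illustration.

```python
import socket
import struct

# Constructed sample payload; all addresses and ports below are made up.
HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

def build_frame(payload: bytes) -> bytes:
    """Sender side: each layer prepends its header (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.20"))
    # Destination MAC, source MAC, EtherType 0x0800 (IPv4). The trailing CRC
    # is omitted, as it is in most packet captures.
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    return eth + ip + tcp + payload

def decapsulate(frame: bytes) -> list:
    """Receiver side: strip one header per layer, recording what each held."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    steps = [("L2 Data Link (Network Access)", f"{src.hex(':')} -> {dst.hex(':')}")]
    if ethertype != 0x0800:
        return steps                      # not IPv4: nothing more to unwrap here
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl, total, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    if ihl < 20 or not ihl <= total <= len(ip):
        raise ValueError("IP header lengths disagree with the frame size")
    steps.append(("L3 Network (Internet)",
                  f"{socket.inet_ntoa(ip[12:16])} -> {socket.inet_ntoa(ip[16:20])}"))
    tcp = ip[ihl:total]
    if proto != 6 or len(tcp) < 20:
        return steps                      # not TCP, or no complete TCP header
    sport, dport = struct.unpack("!HH", tcp[:4])
    steps.append(("L4 Transport (Transport)", f"port {sport} -> {dport}"))
    data = tcp[(tcp[12] >> 4) * 4:]       # data offset field gives header length
    steps.append(("L7 Application (Application)", data.split(b"\r\n")[0].decode()))
    return steps

if __name__ == "__main__":
    for layer, summary in decapsulate(build_frame(HTTP)):
        print(f"{layer:32} {summary}")
```

OSI Layers 5 and 6 have no header of their own in this frame, which is why the TCP/IP model folds them into the Application layer.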

Every attack targets a specific layer. A SQL injection targets Layer 7 (Application). An ARP spoofing attack targets Layer 2 (Data Link). A SYN flood targets Layer 4 (Transport). When a firewall blocks your attack, understanding the layer tells you why, and how to pivot. If a Layer 3 filter blocks your ICMP packets, maybe you can tunnel through Layer 7 using DNS instead.
⚠️ Many beginners skip the OSI model because it feels theoretical. This is a mistake. When you are debugging why a reverse shell is not connecting, or why your packet capture looks wrong, the OSI model is your diagnostic roadmap.