If you work in IT or networks, you’ve probably heard of the ISO/OSI model. It may seem like theory for students, but in practice, it’s the foundation for understanding how network communications work. Even if we talk about TCP/IP every day, the ISO/OSI model is still your guide for designing and troubleshooting.
In the 1980s, the International Organization for Standardization (ISO) created the OSI (Open Systems Interconnection) model to organize network communications into seven layers. Each layer has a clearly defined role—from transmitting electrical impulses to displaying data in an application.
This allows us to address problems layer by layer instead of chaotically searching for errors.
Today, TCP/IP is the dominant model, but ISO/OSI is still the foundation of theory. It’s like anatomy for a doctor—you might not think about every bone every day, but when something hurts, you need to know where to look for the problem. And that involves understanding what’s happening with communication, from individual bits to packets at the application layer.

We remember that bits are serialized by the interface and sent to the transmission medium as physical voltage levels, light pulses, or changes in electromagnetic frequency. We know that these bits are interpreted by devices and form frames, which are closely related to the type of medium, such as copper Ethernet cable or wireless access. We also know that frames encapsulate packets that are transported from source to destination. All of this creates a logic similar to layers, and each layer can be understood individually.
Let’s break down the layers of the OSI model and their functions.
The OSI model has 7 layers, while TCP/IP typically has 4 or 5. In TCP/IP, the session and presentation layers are not separate—they are in the application. But the logic remains similar.

| OSI/ISO (7 layers) | TCP/IP (4 layers) |
| --- | --- |
| Application | Application |
| Presentation | |
| Session | |
| Transport | Transport |
| Network | Internet (IP) |
| Data Link | Network Access |
| Physical | |

| Layer | Role, protocols and devices |
| --- | --- |
| Application layer | Your applications: browser (HTTP), Skype, email. Application protocols: HTTP, FTP, SMTP. End applications: browser, email, Skype. |
| Presentation layer | Translates data into a “language” the application understands (e.g. SSL/TLS encryption here). |
| Session layer | Maintains the communication session (synchronization, connection management). In practice, you rarely talk about it, but it’s there. |
| Transport layer | Protocols: TCP (reliable) and UDP (acknowledgement-free, for real-time). TCP – handshake, retransmissions. UDP – VoIP, streaming. |
| Network layer | IP addresses and routing appear. The router is the hero of this layer. It adds IP addresses and is responsible for routing. Protocol: IP. Device: Router. |
| Data link layer | Organizes bits into frames. Supports MAC addresses and media access control. Protocol example: Ethernet. Devices: Switch. |
| Physical layer | Bit transfer: electrical signals, light, radio waves. Examples: copper cable, optical fiber, Wi-Fi. Devices: Hub. |

You can imagine the layers of the ISO/OSI model as floors in a skyscraper. Each floor is a different layer. Only the top floor is visible to the user, but all levels are equally important to devices.

Imagine this building: Mike on the left sends a “Hello” message to Alice in an application, such as Skype. The application needs to know that to transmit this message, it must be broken down into smaller pieces of data called segments, and then packaged into packets. The computer transmits these packets over a network interface, such as an Ethernet cable. As you already know, the interface encapsulates the packet in a frame and serializes the bits as physical pulses on the wire.
On the receiving end, the process works in reverse: the bits from the wire are interpreted by the network card, which uses the fields in the frame to decapsulate the packet and forward it upstream—all the way to the application layer. In practice, this means that Skype displays a clear “Hello” from Mike to Alice.
Mike sends “Hello” to Alice in Skype:
On the other side, the process reverses – decapsulation all the way to the application.
During transport layer communication, it’s crucial to know what port number the application is listening on. This applies to both TCP and UDP. Port numbers are used on both sides – the sender and the recipient. To establish a connection, the sender sends a TCP segment from a specific source port and forwards it to the recipient’s destination port. Of course, for this to be possible, the sender must also know the recipient’s IP address – and this is the role of the network layer.

TCP segments or UDP datagrams are encapsulated within IP packets. IP packets operate at the network layer, or Layer 3. As you may recall, IP packets contain IP address information in their headers, so the key information at this layer is the IP address. Because transport protocols use port numbers and packets use IP addresses, we have four parameters describing the connection: source IP address, destination IP address, source port, and destination port.

Each host participating in the communication has one port open for each session, bound to its IP address. The combination of a port number (Layer 4) and an IP address (Layer 3) is called a socket. For example, on Host A, the socket is 192.168.1.10:2000, and on Host B, it is 192.168.1.20:80. These two sockets describe a complete TCP/IP connection.

After encapsulating a TCP segment or UDP datagram into an IP packet, the computer must send this information over the appropriate interface. If it’s an Ethernet interface, the network adapter encapsulates the IP packet into a frame for forwarding.

The finished frame is serialized and transmitted over the wire as voltage pulses.

To summarize: network communication is organized in layers. An application wishing to transmit data uses an application-layer protocol (e.g., HTTP) to organize the data. The data is then passed to the transport layer (Layer 4), where it is segmented, given port numbers and, if necessary, delivered reliably. Transport segments are carried by IP packets at Layer 3, which treat the segments as payload. Once the operating system selects the interface for transmission, such as an Ethernet adapter, the adapter encapsulates the packet into a frame at the data link layer and hands it to the physical layer for serialization. The reverse process occurs at the recipient’s end – the pulses are interpreted, the frames are reconstructed, the packets are decapsulated, and the data is passed up to the application, which presents it to the user in a readable format.
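The encapsulation and decapsulation steps above, as an added example that is not part of the original article: it builds an Ethernet II frame around an IPv4 packet and a TCP segment, then strips the headers again to recover the two sockets. The MAC addresses, the function names and the zeroed checksums are assumptions made for the sample; the IP addresses and ports are the Host A and Host B sockets from the text.

```python
import socket
import struct

TCP_FLAGS = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"))

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def encapsulate(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, data=b""):
    """Top-down: TCP segment -> IPv4 packet -> Ethernet II frame (checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    frame = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + ip + tcp
    return frame.ljust(60, b"\x00")          # Ethernet pads short frames to 60 bytes

def decapsulate(frame):
    """Bottom-up: strip the frame, packet and segment headers in turn."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    packet = frame[14:]
    ver_ihl, total_len, proto = packet[0], struct.unpack("!H", packet[2:4])[0], packet[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl + 20 <= total_len <= len(packet):
        raise ValueError("bad IPv4 header or length")
    if proto != 6:
        raise ValueError("payload is not TCP")
    segment = packet[ihl:total_len]          # total_len drops the Ethernet padding
    sport, dport, _seq, _ack, offset, flags = struct.unpack("!HHIIBB", segment[:14])
    data_off = (offset >> 4) * 4
    if not 20 <= data_off <= len(segment):
        raise ValueError("bad TCP data offset")
    return {
        "l2": (src_mac.hex(":"), dst_mac.hex(":")),
        "src_socket": f"{socket.inet_ntoa(packet[12:16])}:{sport}",
        "dst_socket": f"{socket.inet_ntoa(packet[16:20])}:{dport}",
        "flags": [name for bit, name in TCP_FLAGS if flags & bit],
        "data": segment[data_off:],
    }

# Constructed sample: Host A opens a connection to Host B (the sockets from the text).
SYN = encapsulate("02:00:00:00:00:0a", "02:00:00:00:00:0b",
                  "192.168.1.10", "192.168.1.20", 2000, 80, 0x02)
```

Calling `decapsulate(SYN)` returns the four connection parameters as two sockets; the IP total-length field, not the frame length, decides where the segment ends, which is why the Ethernet padding never reaches the application data.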


Let’s stick with the layered model for a moment. Different communication protocols operate at different, defined layers. Protocols are sets of methods and signaling messages that must be understood and accepted by both parties. Each protocol is closely tied to a specific communication layer. For example, each application, such as Skype or a browser, uses a common set of rules for data transfer. At the application layer, the most common protocol on the Internet is HTTP, and it is responsible for data transfer in end-user applications.
What protocols are used in the other layers?
To send human-readable text to the other party, an application must first instruct the communication stack to divide the message into segments. These segments are managed by the Transmission Control Protocol (TCP) at the transport layer, or Layer 4. Two protocols are most commonly used at this layer: TCP and UDP.
TCP is used in applications that require reliable data delivery, such as web browsing or file transfer. Typical application layer protocols using TCP include HTTP, FTP, and SSH. In TCP communication, each delivered segment must be acknowledged by the recipient. If a segment is not acknowledged, the sender resends it. However, before TCP begins transmitting data, it negotiates connection parameters, such as the maximum segment size. This is accomplished using a mechanism called a three-way handshake, which requires the exchange of three messages.


UDP (User Datagram Protocol), on the other hand, is used in applications that require minimal latency but tolerate some data loss—for example, in video transmissions or real-time voice calls. A typical example is the RTP protocol used in VoIP communications. UDP datagrams are sent one after another, without acknowledgement of receipt.

Once you understand network layers and their relationships, it’s a good time to familiarize yourself with the types of network devices, as they perfectly reflect the layered model. The most common devices operate at specific layers of the TCP/IP model. The first example is the hub.
Hubs are an old solution, rarely used today. A hub works on the principle of signal duplication – when an electrical signal representing bits arrives on one port, it is copied and sent to all other ports, except the one from which it originated. This is pure Layer 1 communication, as the device operates solely on the electrical signal level. A hub understands neither frames nor packets, which causes unnecessary traffic and collisions when multiple devices transmit simultaneously.

The situation is completely different with an Ethernet switch. A switch understands Ethernet frames, so it operates at Layer 2 of the OSI model. Unlike a hub, it analyzes the MAC addresses in the frame header and forwards the frame to the appropriate port, based on the MAC address-port binding. Importantly, a switch doesn’t generate unnecessary traffic like a hub! This process is called switching. The switch learns and stores the MAC-port bindings in a memory called TCAM. A classic Layer 2 switch doesn’t analyze IP information—this is handled by the router.

A router is another popular networking device. Routers play a key role in both home networks and carrier networks. They operate at Layer 3, the network layer. Communication at this layer relies on the IP packet header. The router must know where to forward the packet – to do this, it uses a routing table, which stores information about routes and destination networks. This enables data to be transmitted across the Internet and private networks. When an Ethernet frame reaches the router interface, the device removes the frame header, analyzes the destination address from the IP header, and then – after finding a suitable route in the table – encapsulates the packet into a new Ethernet frame and sends it onward.

Let’s analyze the information path in terms of layers. Suppose computer A sends data to computer B on another IP network. The router divides the network into smaller IP segments, as Layer 3 devices do. The packet sent from A is encapsulated in an Ethernet frame and forwarded to B. When the frame reaches the switch port, the switch checks the frame header for the MAC address—in this case, the MAC address of the router’s interface—and sends the frame to the appropriate port. This is a Layer 2 operation, meaning a frame operation.
When the frame reaches the router, the device removes the Ethernet header and examines the IP header to verify the destination address of computer B. After consulting the routing table (a Layer 3 operation), the router knows that computer B’s IP address is reachable through the appropriate interface. The packet is then encapsulated in a new Ethernet frame, this time with the MAC address of computer B, and sent to B. When the frame reaches computer B, decapsulation proceeds through the TCP/IP stack, up to the application level.
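The switch and router behaviour described in the last few paragraphs, as an added example that is not part of the original article: a learning switch that forwards on the destination MAC, and a router that looks up the destination IP and builds a new frame. All MAC addresses, networks, port numbers and class names are assumptions constructed for the sample, and a plain dictionary stands in for the router's neighbor (ARP) cache.

```python
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed addresses; none of these MACs or networks come from the article.
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
MAC_R0, MAC_R1 = "02:00:00:00:01:00", "02:00:00:00:01:01"

class LearningSwitch:
    """Layer 2: reads only the frame header and keeps MAC -> port bindings."""
    def __init__(self, ports):
        self.ports, self.mac_table = list(ports), {}

    def receive(self, in_port, frame):
        self.mac_table[frame["src_mac"]] = in_port            # learn from the source
        out = self.mac_table.get(frame["dst_mac"])
        if frame["dst_mac"] == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]    # unknown: flood like a hub
        return [] if out == in_port else [out]                # known: one port only

class Router:
    """Layer 3: drops the old frame header, routes on the destination IP."""
    def __init__(self, if_macs, routes, neighbors):
        self.if_macs, self.neighbors = if_macs, neighbors     # neighbors: IP -> MAC
        self.routes = [(ipaddress.ip_network(n), i) for n, i in routes]

    def forward(self, frame):
        if frame["dst_mac"] not in self.if_macs.values():
            return None                                       # frame not addressed to us
        dst = ipaddress.ip_address(frame["dst_ip"])
        hits = [(net, ifc) for net, ifc in self.routes if dst in net]
        next_mac = self.neighbors.get(frame["dst_ip"])
        if not hits or next_mac is None:
            return None                                       # no route or no neighbor
        ifc = max(hits, key=lambda h: h[0].prefixlen)[1]      # longest prefix wins
        return ifc, dict(frame, src_mac=self.if_macs[ifc], dst_mac=next_mac)

def trace():
    """Computer A (192.168.1.10) sends to computer B (10.0.0.20) through the router."""
    switch = LearningSwitch(ports=[1, 2, 3])                  # A on port 1, router on 3
    router = Router({"eth0": MAC_R0, "eth1": MAC_R1},
                    [("192.168.1.0/24", "eth0"), ("10.0.0.0/24", "eth1"), ("0.0.0.0/0", "eth0")],
                    {"10.0.0.20": MAC_B})
    frame = {"src_mac": MAC_A, "dst_mac": MAC_R0,
             "src_ip": "192.168.1.10", "dst_ip": "10.0.0.20"}
    before = switch.receive(1, frame)                         # router MAC unknown yet
    switch.receive(3, {"src_mac": MAC_R0, "dst_mac": MAC_A})  # router speaks, switch learns
    after = switch.receive(1, frame)
    return before, after, router.forward(frame)
```

`trace()` shows the switch flooding until it has seen the router's MAC, then using a single port, while the router's output frame carries new MAC addresses and unchanged IP addresses.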

The ISO/OSI model isn’t just theory—it’s a tool that facilitates network understanding and analysis. Understanding its layers allows network engineers to more effectively diagnose problems, design infrastructure, and speak a common language across the IT industry. In the era of cloud and SDN, these fundamentals remain relevant—because while technology changes, the foundations remain the same.
And remember the popular acronym: “Please Do Not Throw Sausage Pizza Away” (Physical, Data Link, Network, Transport, Session, Presentation, Application). It really works.