LinkedIn Hook

Every networking interview eventually asks about the OSI model. Most candidates recite the 7 layer names — and stop there. That is not enough.

Interviewers want to know:

WHY the model exists at all

What actually travels at each layer (PDUs)

How data gets wrapped going down and unwrapped going up

Where real protocols live — and why people get them wrong

I spent years memorizing the layers without understanding them. Then I learned the postal system analogy, and it clicked in 10 minutes.

Here is the full picture — layers, encapsulation, mnemonics, and the questions that actually come up in interviews.

Save this. You will need it.

#networking #osi #interviewprep #softwaredevelopment #backend #computernetworks #sysadmin #devops

OSI Model Overview thumbnail

What You'll Learn

Why the OSI model was created and what problem it solves
All 7 layers — name, number, function, PDU, and key protocols or devices at each layer
How data encapsulation works as a packet travels down the stack on the sender side, and how it is stripped going up on the receiver side
Both direction mnemonics so you can recall the layer order instantly under pressure

The Postal System Analogy

Before touching any technical definitions, picture this scenario.

You want to send a physical letter to a friend in another city. Here is what happens:

You write the letter — that is the message, the content you care about.
You fold it and put it in an envelope — you address it with your friend's name and street address.
You hand it to your local post office — they add a routing label (your city, destination city).
A sorting facility processes it — it groups your letter with others going the same direction.
A truck drives it to the destination city — this is the physical transport.
On the receiving end, each of those steps happens in reverse: the truck arrives, the sorting facility routes it, the local post office delivers it, your friend opens the envelope, reads the letter.

The OSI model works exactly like this. Each layer has a specific job. Layers do not need to know what any other layer is doing — they just handle their own responsibility and pass the data along. This is the entire point of a layered model.

Why a Layered Model Exists

Before the OSI model, networking was the Wild West. Every hardware vendor — IBM, Digital Equipment Corporation, Xerox — built proprietary networking stacks that only talked to their own equipment. If you bought IBM hardware, it only worked with IBM networks.

The International Organization for Standardization (ISO) published the OSI model in 1984 to solve three specific problems:

1. Interoperability — Standardized layers mean that a router from one vendor can communicate with a switch from another vendor, as long as both follow the same layer contracts. You mix hardware freely.

2. Troubleshooting isolation — When a network breaks, the layered model lets you narrow the problem to a specific layer. Ping fails? Start at Layer 1 (is the cable plugged in?), move up to Layer 3 (is routing correct?). Without layers, diagnosing failures would mean checking everything at once.

3. Vendor independence and modular development — Teams can develop Layer 4 transport protocols without caring how Layer 1 physically moves bits. They just need to know the interface contract between layers. This is why TCP/IP was swappable on top of Ethernet, Token Ring, or Wi-Fi — the layers stayed isolated.

The OSI model itself is a reference model, not a strict implementation. The real-world internet runs on the TCP/IP model, which collapses OSI's 7 layers into 4. But every networking interview and certification uses OSI because its 7-layer granularity makes protocols and troubleshooting easier to reason about.

The 7 Layers at a Glance

The OSI model numbers layers from the bottom (hardware) to the top (application). In conversations, you will hear both directions — "Layer 1" and "Layer 7" used as shorthand for the physical and application ends respectively.

Layer 7 — Application

What it does: The layer closest to the end user. It provides network services directly to applications — think of this as the interface between the software you use and the network underneath it.

PDU (Protocol Data Unit): Data

Key protocols: HTTP, HTTPS, FTP, SMTP, DNS, SSH, Telnet, DHCP, SNMP

Devices: Application-layer firewalls, load balancers (L7)

What it is NOT: This layer is not the application itself (your browser, your email client). It is the protocol that application uses to communicate over the network. Chrome is not Layer 7 — HTTP is.

Layer 6 — Presentation

What it does: Translates data between the application and the network. Handles three things: encoding/decoding (e.g., ASCII to binary), compression (reducing data size), and encryption/decryption (SSL/TLS operates conceptually at this layer, though in practice TLS lives between Layer 4 and Layer 7 in TCP/IP).

PDU: Data

Key protocols: SSL/TLS (conceptually), JPEG, MPEG, ASCII, Unicode, JSON, XML

Devices: None specific — handled by software

Common confusion: Many sources place SSL/TLS at Layer 6 because it handles encryption. Others place it at Layer 4 or in a session role. In interviews, saying "TLS is at Layer 6 in the OSI model due to encryption, but it spans Layers 4-7 in practice" shows nuance.

Layer 5 — Session

What it does: Manages sessions — the establishment, maintenance, and termination of communication sessions between two devices. It handles synchronization (checkpoints so a transfer can resume if interrupted) and dialog control (who can transmit at a given moment: simplex, half-duplex, full-duplex).

PDU: Data

Key protocols: NetBIOS, RPC (Remote Procedure Call), PPTP, SIP (Session Initiation Protocol)

Devices: None specific — handled by software

Example: When you stream a video and your connection drops briefly, the session layer's checkpointing is why it can resume rather than restart from zero.

Layer 4 — Transport

What it does: Provides end-to-end communication between processes on different hosts. It handles segmentation (breaking data into segments), flow control (preventing a fast sender from overwhelming a slow receiver), error control (detecting and retransmitting lost segments), and multiplexing (using port numbers to route data to the right process).

PDU: Segment (TCP) / Datagram (UDP)

Key protocols: TCP (Transmission Control Protocol), UDP (User Datagram Protocol)

Devices: None specific — handled by the OS networking stack

TCP vs UDP in one line: TCP guarantees delivery and order. UDP is faster but fire-and-forget.

Layer 3 — Network

What it does: Handles logical addressing and routing — determining the best path for data to travel across multiple networks from source to destination. This is where IP addresses live.

PDU: Packet

Key protocols: IP (IPv4, IPv6), ICMP (used by ping), OSPF, BGP, RIP

Devices: Routers, Layer 3 switches

Key insight: Routers operate at Layer 3. They read IP addresses and make forwarding decisions. Switches (standard) operate at Layer 2 and read MAC addresses — they do not route between networks.

Layer 2 — Data Link

What it does: Handles node-to-node delivery of data on the same local network. It provides framing (packaging bits into frames), MAC addressing (physical hardware addresses), error detection (CRC — Cyclic Redundancy Check), and access control (deciding who gets to use the shared medium, via protocols like CSMA/CD).

PDU: Frame

Key protocols: Ethernet (IEEE 802.3), Wi-Fi (IEEE 802.11), ARP (Address Resolution Protocol), PPP, HDLC

Devices: Switches, bridges, NICs (Network Interface Cards)

Sublayers: Layer 2 has two sublayers — MAC (Media Access Control) handles addressing and channel access; LLC (Logical Link Control) handles error checking and flow control toward Layer 3.

Layer 1 — Physical

What it does: Transmits raw bits over a physical medium. It defines electrical signals, light pulses (fiber optic), or radio waves (Wi-Fi). It specifies cable types, connector standards, voltage levels, pin layout, and transmission rates.

PDU: Bit

Key protocols/standards: Ethernet physical standards (10BASE-T, 1000BASE-T), USB, Bluetooth (physical layer), RS-232, DSL, SONET

Devices: Hubs, repeaters, cables (coaxial, twisted pair, fiber), modems, network interface cards (physical layer aspect)

Hub vs Switch: A hub operates at Layer 1 — it broadcasts every bit to all ports and does not read addresses. A switch operates at Layer 2 — it reads MAC addresses and forwards frames only to the correct port.

Data Encapsulation — How Data Wraps Going Down and Unwraps Going Up

Encapsulation is what actually happens when you send data. Each layer adds its own header (and sometimes a trailer) before passing the data to the layer below. Going up the stack on the receiver side, each layer strips its own header.

Sender — Going Down the Stack

Picture the message "Hello, world" being sent via HTTP:

Layer 7 (Application)  — "Hello, world" is the data payload
Layer 6 (Presentation) — Data may be encoded or encrypted. Still called "data"
Layer 5 (Session)      — Session information added. Still called "data"
Layer 4 (Transport)    — TCP header added (source port, dest port, seq number) → now a SEGMENT
Layer 3 (Network)      — IP header added (source IP, dest IP) → now a PACKET
Layer 2 (Data Link)    — Frame header + trailer added (MAC addresses, CRC) → now a FRAME
Layer 1 (Physical)     — Frame converted to bits (electrical signals / light pulses) → BITS on the wire

Each layer wraps the layer above's data like a Russian nesting doll. The TCP segment becomes the payload inside an IP packet. The IP packet becomes the payload inside an Ethernet frame. The frame becomes bits on the wire.

Receiver — Going Up the Stack

On the receiving end, the process reverses exactly:

Layer 1 (Physical)  — Bits received from the wire, assembled into a frame
Layer 2 (Data Link) — Frame header and trailer stripped; MAC address verified → PACKET passed up
Layer 3 (Network)   — IP header stripped; destination IP verified → SEGMENT passed up
Layer 4 (Transport) — TCP header stripped; data assembled in order → DATA passed up
Layer 5 (Session)   — Session context checked
Layer 6 (Presentation) — Data decoded or decrypted
Layer 7 (Application) — Application receives "Hello, world"

Each layer only reads and processes its own header — it treats everything else as opaque payload. A router operating at Layer 3 reads the IP header but does not care about the TCP segment inside.

Mnemonics to Remember the Layer Order

Top-Down (Layer 7 to Layer 1) — "Please Do Not Throw Sausage Pizza Away"

Mnemonic Word	Layer Number	Layer Name
Please	7	Application
Do	6	Presentation
Not	5	Session
Throw	4	Transport
Sausage	3	Network
Pizza	2	Data Link
Away	1	Physical

Bottom-Up (Layer 1 to Layer 7) — "All People Seem To Need Data Processing"

Mnemonic Word	Layer Number	Layer Name
All	1	Physical
People	2	Data Link
Seem	3	Network
To	4	Transport
Need	5	Session
Data	6	Presentation
Processing	7	Application

Use the top-down mnemonic when you want to start from the user perspective (application first). Use the bottom-up mnemonic when talking about how data physically travels (signal first). Interviews can ask either direction — know both.

Code Example

This Node.js script simulates OSI encapsulation conceptually — each function represents a layer wrapping the data with its own header before passing it down.

// osi-encapsulation.js
// Conceptual simulation of OSI layer-by-layer encapsulation (sender side)
// Run with: node osi-encapsulation.js

function applicationLayer(message) {
  // Layer 7: Application — raw user data, e.g., an HTTP request body
  const data = {
    layer: 7,
    name: "Application",
    pdu: "Data",
    payload: message,
  };
  console.log(`[L7 Application] Passing data to Presentation layer`);
  return presentationLayer(data);
}

function presentationLayer(data) {
  // Layer 6: Presentation — encode/encrypt the data
  const encoded = {
    layer: 6,
    name: "Presentation",
    pdu: "Data",
    encoding: "UTF-8",
    encrypted: false,
    payload: data,
  };
  console.log(`[L6 Presentation] Encoded payload, passing to Session layer`);
  return sessionLayer(encoded);
}

function sessionLayer(data) {
  // Layer 5: Session — attach session ID to track the conversation
  const sessionId = `sess-${Math.random().toString(36).slice(2, 9)}`;
  const session = {
    layer: 5,
    name: "Session",
    pdu: "Data",
    sessionId,
    payload: data,
  };
  console.log(`[L5 Session] Session ID: ${sessionId}, passing to Transport layer`);
  return transportLayer(session);
}

function transportLayer(data) {
  // Layer 4: Transport — add TCP header (source port, dest port, sequence number)
  const segment = {
    layer: 4,
    name: "Transport",
    pdu: "Segment",
    protocol: "TCP",
    sourcePort: 54321,
    destPort: 443,
    sequenceNumber: 1,
    payload: data,
  };
  console.log(`[L4 Transport] TCP Segment created (port ${segment.sourcePort} → ${segment.destPort})`);
  return networkLayer(segment);
}

function networkLayer(data) {
  // Layer 3: Network — add IP header (source IP, destination IP)
  const packet = {
    layer: 3,
    name: "Network",
    pdu: "Packet",
    protocol: "IPv4",
    sourceIP: "192.168.1.10",
    destIP: "93.184.216.34",
    ttl: 64,
    payload: data,
  };
  console.log(`[L3 Network] IP Packet created (${packet.sourceIP} → ${packet.destIP})`);
  return dataLinkLayer(packet);
}

function dataLinkLayer(data) {
  // Layer 2: Data Link — wrap in Ethernet frame with MAC addresses and CRC trailer
  const frame = {
    layer: 2,
    name: "Data Link",
    pdu: "Frame",
    protocol: "Ethernet",
    sourceMAC: "AA:BB:CC:DD:EE:FF",
    destMAC: "11:22:33:44:55:66",
    crc: "0xABCD1234",        // error detection trailer
    payload: data,
  };
  console.log(`[L2 Data Link] Ethernet Frame created (MAC ${frame.sourceMAC} → ${frame.destMAC})`);
  return physicalLayer(frame);
}

function physicalLayer(data) {
  // Layer 1: Physical — convert frame to bit stream (represented as JSON string here)
  const bits = JSON.stringify(data);
  console.log(`[L1 Physical] Transmitting ${bits.length} characters of encoded data as bits on the wire`);
  console.log("\n--- Transmission complete ---\n");
  return bits;
}

// --- Entry point ---
const userMessage = "GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n";
console.log("=== OSI Encapsulation Simulation (Sender) ===\n");
console.log(`Original message:\n"${userMessage}"\n`);

const transmitted = applicationLayer(userMessage);

console.log("Full encapsulated structure (nested layers):");
console.log(JSON.stringify(JSON.parse(transmitted), null, 2));

Sample output:

=== OSI Encapsulation Simulation (Sender) ===

Original message:
"GET /index.html HTTP/1.1
Host: example.com

"

[L7 Application] Passing data to Presentation layer
[L6 Presentation] Encoded payload, passing to Session layer
[L5 Session] Session ID: sess-k7mx2qp, passing to Transport layer
[L4 Transport] TCP Segment created (port 54321 → 443)
[L3 Network] IP Packet created (192.168.1.10 → 93.184.216.34)
[L2 Data Link] Ethernet Frame created (MAC AA:BB:CC:DD:EE:FF → 11:22:33:44:55:66)
[L1 Physical] Transmitting 847 characters of encoded data as bits on the wire

--- Transmission complete ---

Each layer's payload field holds the entire structure from the layer above — exactly how real encapsulation nests data inside headers. The receiver would unwrap from the outside in, reading and stripping each header at its corresponding layer.

OSI Model Overview visual 1

Common Mistakes

1. Saying SSL/TLS is strictly a Layer 7 protocol. SSL/TLS handles encryption, which maps to Layer 6 (Presentation) in the OSI model. But TLS also manages a handshake that resembles session setup (Layer 5) and operates on top of TCP (Layer 4). In practice, TLS is not purely at any single OSI layer. In interviews: say TLS is commonly associated with Layer 6 for encryption, but it spans Layers 4-7 in real implementation. Never say it is purely Layer 7.

2. Confusing Session (Layer 5) with Transport (Layer 4). Transport handles end-to-end delivery between hosts, port addressing, segmentation, and reliability (TCP/UDP). Session handles conversation management — opening, maintaining, and gracefully closing sessions between applications. A TCP connection is Layer 4. An RPC session that uses multiple TCP connections is Layer 5. The confusion happens because both deal with "connections" in everyday speech, but the responsibilities are distinct.

3. Saying a switch operates at Layer 3 or a router operates at Layer 2. A standard (unmanaged or managed L2) switch reads MAC addresses — Layer 2. A router reads IP addresses — Layer 3. A Layer 3 switch can do both, but when an interview asks "what layer does a switch operate at?" without qualification, the answer is Layer 2. Answer Layer 3 only if they specifically say "Layer 3 switch" or "multilayer switch."

Interview Questions

Q: What is the OSI model and why does it matter?

The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes network communication into 7 distinct layers. It matters for three reasons: interoperability (devices from different vendors communicate through shared standards), troubleshooting (problems can be isolated to a specific layer), and modular development (each layer can evolve independently without breaking others). In practice the internet uses the TCP/IP model, but OSI remains the universal reference for understanding and explaining networking concepts.

Q: What is the difference between a hub, a switch, and a router in terms of OSI layers?

A hub operates at Layer 1 (Physical) — it receives bits and broadcasts them to every port with no address awareness. A switch operates at Layer 2 (Data Link) — it reads MAC addresses and forwards frames only to the correct port, reducing unnecessary traffic. A router operates at Layer 3 (Network) — it reads IP addresses and makes routing decisions to forward packets across different networks. Each successive device is more intelligent because it reads headers from a higher layer.

Q: What is encapsulation in networking?

Encapsulation is the process of adding protocol headers (and sometimes trailers) at each OSI layer as data travels down the stack on the sender side. At Layer 4, a TCP header is added, creating a segment. At Layer 3, an IP header is added, creating a packet. At Layer 2, an Ethernet header and CRC trailer are added, creating a frame. At Layer 1, the frame is converted to bits. On the receiver side, the process reverses — each layer reads and strips its own header before passing the inner payload up to the next layer. This is called de-encapsulation.

Q: What is a PDU and what are the PDU names at each layer?

PDU stands for Protocol Data Unit — it is the name for the unit of data at a specific OSI layer. The PDU names are: Layer 7/6/5 — Data; Layer 4 — Segment (TCP) or Datagram (UDP); Layer 3 — Packet; Layer 2 — Frame; Layer 1 — Bit. Knowing PDU names shows you understand what is actually being transmitted at each layer, not just the layer names.

Q: Where does ARP (Address Resolution Protocol) fit in the OSI model?

ARP is commonly associated with Layer 2 (Data Link) because it resolves IP addresses to MAC addresses — bridging the gap between Layer 3 logical addressing and Layer 2 physical addressing. Some sources place it between Layer 2 and Layer 3 (sometimes called Layer 2.5). In interviews, the safest answer is Layer 2, with the clarification that ARP sits at the boundary between Layer 2 and Layer 3 since it uses both IP addresses (L3) and MAC addresses (L2).

Quick Reference — Cheat Sheet

Layer #	Name	PDU	Key Protocols / Devices	Primary Function
7	Application	Data	HTTP, HTTPS, FTP, SMTP, DNS, SSH, DHCP, SNMP	Network services to end-user applications
6	Presentation	Data	SSL/TLS (conceptually), JPEG, ASCII, Unicode, JSON	Translation, encryption, compression
5	Session	Data	NetBIOS, RPC, SIP, PPTP	Session establishment, maintenance, and termination
4	Transport	Segment	TCP, UDP	End-to-end delivery, segmentation, flow/error control
3	Network	Packet	IPv4, IPv6, ICMP, OSPF, BGP — Routers, L3 switches	Logical addressing and routing across networks
2	Data Link	Frame	Ethernet, Wi-Fi (802.11), ARP, PPP — Switches, bridges	Node-to-node delivery, MAC addressing, error detection
1	Physical	Bit	Ethernet cables, fiber, USB, RS-232 — Hubs, repeaters	Raw bit transmission over physical medium

Previous: Lesson 1.3 — IP Address vs MAC Address → Next: Lesson 2.2 — Layers 1, 2, and 3 in Depth →

This is Lesson 2.1 of the Networking Interview Prep Course — 8 chapters, 32 lessons.

OSI Model Overview