Post cover image

June 16, 2026

The OSI Model and the 7 Layers Explained

What is the OSI model?

Olaniyi Oluwaseyi

5 min read

The OSI model (Open Systems Interconnection Reference Model) is the process data takes to traverse our network through encapsulation and decapsulation. The OSI model can be used to operate different protocols. By understanding the OSI model, we can communicate with anyone in information technology in a way they can understand; it does not matter if they work in your organisation or another.

The OSI Model can be seen as a universal language for computer networking. It is based on the concept of splitting up a communication system into seven abstract layers, each one stacked upon the last.

Why is the OSI model important?

The OSI model is a 7-layer framework that standardises how computers communicate over a network. It is essential in modern networking for the following reasons:

Interoperability: Allows devices and software from different vendors to communicate using a common standard.

Troubleshooting: Helps engineers quickly isolate network issues to a specific layer, whether physical, transport, or application.

Modular Design: Each layer is independent, so one layer can be updated without disrupting the rest.

Common Language: Gives IT professionals a shared vocabulary when discussing network issues.

Security: Helps identify where attacks occur, for example, DDoS at Layers 3 and 4 and phishing at Layer 7, and where to apply defences.

In short, the OSI model is the blueprint of modern networking. It keeps the internet organised, understandable, and fixable.

What are the 7 Layers of the OSI Model?

None

Layer 7 — Application Layer

This is the layer that we see. It is the only layer that directly interacts with user data because any time we are interacting with an application, we are operating at Layer 7 of the OSI model. The common application protocols that operate on this layer include HTTP, FTP, SMTP, TELNET, and DNS.

Attacks at this layer:

  • Phishing — Attackers craft fake emails or websites to steal credentials from users
  • Cross-Site Scripting (XSS) — Malicious scripts are injected into web applications to steal data or hijack sessions
  • SQL Injection — Attackers inject malicious queries into web application inputs to access or manipulate databases
  • HTTP Floods — A type of DDoS attack that overwhelms web servers with a massive volume of HTTP requests

Layer 6 — Presentation Layer

This layer is responsible for making data ready for the application layer to use. This layer is in charge of encryption, translating, and compression of data.

Attacks at this layer:

  • SSL Stripping — Attackers downgrade a secure HTTPS connection to HTTP, exposing data in plain text
  • Man-in-the-Middle (MitM) — Attackers intercept encrypted data between two parties during transmission
  • Malformed Data Attacks — Attackers send incorrectly formatted or malicious data to crash or exploit the receiving application

Layer 5 — Session Layer

This layer is responsible for communication management between devices, including start, stop, and restart. Control and tunnelling protocols are often found on the session layer.

Attacks at this layer:

  • Session Hijacking — Attackers steal a valid session token to impersonate a legitimate user without needing their password
  • Session Fixation — Attackers force a victim to use a specific session ID that the attacker already knows, allowing them to take over the session after login
  • Brute Force against Sessions — Attackers repeatedly try different session IDs to guess a valid one

Layer 4 — Transport Layer

Known as the "Post Office" layer because this layer is responsible for end-to-end communication between two devices. This layer takes large data and breaks it down into segments to be sent across the network, then puts them back together on the other side. The common protocols found at this layer are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Attacks at this layer:

  • SYN Flood — Attackers send a large number of TCP SYN requests to a server without completing the handshake, exhausting server resources and causing a denial of service
  • UDP Flood — Attackers overwhelm a target with UDP packets, consuming bandwidth and causing the system to become unresponsive
  • Port Scanning — Attackers use tools like Nmap to discover which ports are open on a target system, identifying potential entry points

Layer 3 — Network Layer

The network layer is responsible for data transfer between two different networks. It breaks up segments from the transport layer into smaller units called 'packets' on the sender's device and reassembles these packets on the receiving device. This is often referred to as the router layer because this is where routers determine how to forward traffic, specifically looking at the destination IP. Anything relating to IP, subnet masking, and routing all happens on the network layer.

Attacks at this layer:

  • IP Spoofing — Attackers forge the source IP address in packets to disguise their identity or impersonate a trusted device
  • ICMP Flood (Ping Flood) — Attackers overwhelm a target with ICMP echo requests, consuming resources and causing disruption
  • Routing Table Poisoning — Attackers manipulate routing tables to redirect legitimate traffic through malicious paths, enabling interception or disruption

Layer 2 — Data Link Layer

This layer is the foundation of communication. The data link layer facilitates data transfer between two devices on the same network. It takes packets from the network layer and breaks them into smaller pieces called frames. This layer can also be referred to as the MAC (Media Access Control) layer, which is associated with the network card on our devices.

Attacks at this layer:

  • ARP Spoofing — Attackers send fake ARP messages to link their MAC address to a legitimate IP address, allowing them to intercept traffic on the local network
  • MAC Flooding — Attackers overwhelm a network switch with fake MAC addresses, forcing it into a mode where it broadcasts all traffic to every device on the network
  • VLAN Hopping — Attackers exploit misconfigured switches to gain access to VLANs they should not have access to

Layer 1 — Physical Layer

This layer is the physics of the network. It is associated with the physical entities responsible for keeping a network running, such as cables, connectors, and switches. When this layer is dysfunctional, you have a physical problem that needs troubleshooting.

Attacks at this layer:

  • Physical Tampering — Attackers physically interfere with network hardware, cables, or devices to disrupt or intercept communications
  • Wiretapping — Attackers physically tap into network cables to eavesdrop on data being transmitted
  • Jamming — Attackers use devices to emit signals that disrupt wireless communications, causing denial of service on Wi-Fi networks
  • Hardware Implants — Malicious hardware devices are secretly inserted into network infrastructure to intercept or manipulate data

How Data is Sent Through the OSI Model

  • Application (Layer 7) — Data is created, for example, an email or web request.
  • Presentation (Layer 6) — Data is formatted, encrypted, or compressed.
  • Session (Layer 5) — A session and connection are established.
  • Transport (Layer 4) — Data is broken into segments, and ports and reliability are added through TCP or UDP.
  • Network (Layer 3) — Segments become packets, and IP addresses are added for routing.
  • Data Link (Layer 2) — Packets become frames, and MAC addresses are added.
  • Physical (Layer 1) — Frames become bits, which are electrical signals, light, or radio waves sent over the wire.

A Simple Analogy

None

Think of the OSI model like placing an order on a shopping app:

  • Layer 7 — Application: You place an order on a shopping app
  • Layer 6 — Presentation: The order is translated into the store's language and format
  • Layer 5 — Session: A call and session is opened between you and the store
  • Layer 4 — Transport: The store splits your large order into separate boxes
  • Layer 3 — Network: Each box is labeled with your home address
  • Layer 2 — Data Link: Each box gets a barcode for the local courier
  • Layer 1 — Physical: The boxes are physically loaded onto a delivery truck

A simple acronym to remember the 7 layers from top to bottom is 'Angry Programmers Sometimes Throw Network Devices Physically'.