Intermediate ⏱ 60 Minutes Prereq: Module 01

OSI & TCP/IP Models

To exploit a network, you must understand how data is packaged. This module breaks down the layers of communication and how they are targeted by attackers.

1. The OSI Model


The OSI (Open Systems Interconnection) model is a 7-layer framework used to describe how data moves from one device to another.

Layer  Name          Unit of data (PDU)
L7     Application   Data
L6     Presentation  Data
L5     Session       Data
L4     Transport     Segments (TCP) / Datagrams (UDP)
L3     Network       Packets
L2     Data Link     Frames
L1     Physical      Bits

Mnemonic Tool

Remember it from bottom (L1) to top (L7): Please Do Not Throw Sausage Pizza Away.

2. Data Encapsulation

As data travels down the layers, each layer wraps what it received from the layer above in its own header (like putting an envelope inside another envelope); the Data Link layer adds a trailer as well (the frame check sequence). This process is called Encapsulation. The receiver reverses it, stripping one header per layer on the way up: De-encapsulation.

[L2 Header] [L3 Header] [L4 Header] [Data Payload] [L2 Trailer]
^--- The "Frame" that actually hits the wire ---^

๐Ÿ›ก๏ธ Deep Packet Inspection (DPI)

Basic (stateless) packet filters decide using L3 and L4 header fields only: source and destination IP, protocol, and ports. DPI tools also parse the L7 "Data Payload", matching it against signatures or protocol grammars to find malware, injection strings, and tunnelled protocols. Caveat: if the payload is encrypted (TLS), DPI sees only handshake metadata unless the traffic is deliberately intercepted and decrypted.
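The encapsulation diagram above and the DPI callout, worked as an added example (this is illustrative code written for this page, not a tool or library the page describes). It builds a real Ethernet II / IPv4 / TCP frame around an L7 payload with struct, walks back up the stack verifying each checksum, and then contrasts what a stateless L3/L4 filter sees with what DPI sees. The MAC and IP addresses and the two "signatures" are constructed sample values.

```python
import socket
import struct

# Constructed sample addresses for this example (assumptions, not from the page).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP, DST_IP = "10.0.0.1", "10.0.0.2"
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (used by both IPv4 and TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(payload: bytes, src_port: int, dst_port: int) -> bytes:
    """Walk DOWN the stack: L7 payload -> L4 segment -> L3 packet -> L2 frame."""
    src, dst = socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP)
    # L4: 20-byte TCP header (data offset 5 words, flags PSH|ACK). The checksum
    # covers a pseudo-header that borrows the L3 addresses, so it is filled in last.
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1000, 1, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, PROTO_TCP, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp + payload)) + tcp[18:]
    segment = tcp + payload
    # L3: 20-byte IPv4 header (version 4, IHL 5, DF set, TTL 64) around the segment.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                     64, PROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    # L2: Ethernet II header. The FCS trailer is omitted because the NIC appends it.
    return DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + ip + segment


def decapsulate(frame: bytes) -> dict:
    """Walk UP the stack, stripping one header per layer and checking each checksum."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    segment = packet[ihl:total_len]
    if proto != PROTO_TCP:
        raise ValueError("not TCP")
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port, _, _, offset, flags = struct.unpack("!HHIIBB", segment[:14])
    payload = segment[(offset >> 4) * 4:]         # data offset is in 32-bit words
    return {"src_mac": frame[6:12], "dst_mac": frame[:6], "src_ip": socket.inet_ntoa(src),
            "dst_ip": socket.inet_ntoa(dst), "ttl": ttl, "src_port": src_port,
            "dst_port": dst_port, "flags": flags, "payload": payload}


# Constructed signatures a DPI engine might carry (illustrative, not a real rule set).
SIGNATURES = [b"' OR '", b"<script>"]


def l3_l4_filter(meta: dict, allowed_dst_ports: set) -> bool:
    """What a basic packet filter sees: addresses and ports only."""
    return meta["dst_port"] in allowed_dst_ports


def dpi(meta: dict) -> list:
    """What DPI adds: a look inside the L7 payload."""
    return [sig for sig in SIGNATURES if sig in meta["payload"]]


if __name__ == "__main__":
    frame = encapsulate(b"GET /?id=1' OR '1'='1 HTTP/1.1\r\n", 40000, 80)
    meta = decapsulate(frame)
    print("L3/L4 filter allows:", l3_l4_filter(meta, {80, 443}))
    print("DPI hits:", dpi(meta))
```

The same frame passes the L3/L4 filter (port 80 is allowed) and is flagged by DPI, which is exactly the gap the callout describes. Corrupting any header byte makes decapsulate raise, because both the IPv4 and TCP checksums sum to zero only over an intact header.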

3. TCP vs UDP

The Transport Layer (L4) decides how to send data. It's a choice between Reliability and Speed.

Feature       TCP (Transmission Control Protocol)      UDP (User Datagram Protocol)
Connection    Connection-oriented (handshake first)    Connectionless
Speed         Slower (reliability overhead)            Faster (fire and forget)
Reliability   Guaranteed, in-order delivery            No guarantee, no ordering
Examples      HTTP, SSH, FTP                           DNS, VoIP, Gaming

Note: DNS also uses TCP, for zone transfers and for responses too large to fit in a single datagram.

4. The 3-Way Handshake


Before TCP sends any application data, it performs a 3-step exchange that confirms both sides are reachable and agrees on each side's initial sequence number (ISN).

1. Client -> [SYN, seq=x] -> Server (Synchronize? Here is my ISN x)
2. Server -> [SYN/ACK, seq=y, ack=x+1] -> Client (Yes; here is my ISN y, and I acknowledge yours)
3. Client -> [ACK, ack=y+1] -> Server (Understood, acknowledged)

💀 SYN Flood Attack

An attacker sends thousands of [SYN] packets, usually from spoofed source addresses, and never completes step 3. The server allocates state for every [SYN/ACK] it sends, so its queue of "half-open" connections fills up and legitimate [SYN]s are dropped: a Denial of Service (DoS). The standard defence is SYN cookies, which encode the connection state in the server's ISN so nothing is stored until the final [ACK] proves the client is real.

5. Layer-Based Attacks

Hackers target specific layers depending on their goal. Knowing where an attack lives helps you defend against it.

OSI Layer              Attack Examples
Layer 7 (Application)  SQL Injection, Cross-Site Scripting (XSS)
Layer 4 (Transport)    Port Scanning, SYN Flooding
Layer 3 (Network)      IP Spoofing, ICMP Smurfing
Layer 2 (Data Link)    ARP Spoofing, MAC Flooding

🧪 Mini Exercise

Run a "Stealth Scan" (TCP SYN scan) using Nmap: sudo nmap -sS [target-ip]. Root is needed because -sS crafts raw packets instead of going through the OS socket API; scan only systems you are authorized to test.
Nmap sends a [SYN] and classifies the port by the reply: [SYN/ACK] means open (Nmap answers with [RST] instead of the final [ACK], so the handshake never completes and the application never sees a connection), [RST] means closed, and no reply or an ICMP unreachable means filtered. "Stealth" is a historical name: any modern IDS or firewall log records the SYN.

📌 Module Recap

  • The OSI model has 7 layers; the TCP/IP model has 4 (Link, Internet, Transport, Application), collapsing OSI L1-L2 and L5-L7.
  • Encapsulation wraps data in one header per layer on the way down the stack; the receiver strips them on the way up.
  • TCP is reliable (handshake, sequence numbers, acknowledgements, retransmission); UDP is fast (no handshake, no delivery guarantee).
  • Security issues exist at every layer of the stack, from ARP spoofing at L2 to SQL injection at L7.